Most klez infections use the IFrame exploit, so in fact the IFrame exploit will match before the klez one. What we do is break up the email into all the MIME pieces, decode them and scan the individual portions. Most of the time clamscan picks up both iframe & klez, iframe being the first MIME part of the message... so as I can see being picked up first?

On Fri, 14 Feb 2003 [EMAIL PROTECTED] wrote:
>
> clamd usually catches between 100-160 klez infections per day on e-mail to
> our domain.
> The day the Exploit.IFrame and Exploit.IFrame.HTML rules were added, only
> 64 were caught (our rules update at 11am, and 11pm EST).
> Today, only 26 klez were caught.
>
> I highly doubt all those klez infections magically got cleaned up at the
> same time that these new rules were added.
>
> However, Exploit.IFrame.HTML caused 86 violations today, and if those were
> actually klez, then all the klez crap is likely still getting caught.
>
> I'm just hoping to verify with someone that knows the Exploit.IFrame.HTML
> rule and klez that this is the case (klez still being caught, just
> identified differently).
> And if that is the case, then I'm wondering if there's a way to get the
> klez rule to match first so that these appear to be identified more
> accurately/appropriately.
>
> Thanks in advance,
> --
> Josh I.

--
Nigel Kukard (Chief Executive Officer)
Lando Technologies Africa (Pty) Ltd
[EMAIL PROTECTED]
www.lando.co.za
Tel: 083 399 5822 Fax: 086 1100036
Hoheisen Park
Bellville, Cape Town
National Internet Service Provider

The best language to use is the language that was designed for what you want to use it for - 1997
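
The per-part scanning described in the reply above, as an added example that is not part of the original thread and is not ClamAV code: it splits a constructed message into its MIME parts, decodes each one, and shows why a stop-at-first-hit report names Exploit.IFrame.HTML while the Klez attachment is still detected. The byte patterns, the "Klez (toy)" name and all function names are assumptions made for illustration.

```python
import email
from email.message import EmailMessage

# Constructed toy byte patterns in database order; NOT real ClamAV signatures.
SIGNATURES = [
    ("Exploit.IFrame.HTML", b"<iframe"),
    ("Klez (toy)", b"TOY-KLEZ-MARKER"),
]

def build_sample() -> bytes:
    """Constructed two-part message: HTML body first, base64 attachment second."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content('<html><iframe src="cid:a1" height="0"></iframe></html>',
                    subtype="html")
    msg.add_attachment(b"MZ\x00\x00TOY-KLEZ-MARKER\x00", maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()

def scan_parts(raw: bytes):
    """Decode every leaf MIME part and list the signatures that match it."""
    msg = email.message_from_bytes(raw)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    results = []
    for index, part in enumerate(leaves):
        body = part.get_payload(decode=True) or b""  # undoes base64/QP
        hits = [name for name, pattern in SIGNATURES if pattern in body]
        results.append((index, part.get_content_type(), hits))
    return results

def first_match(results):
    """What a stop-at-first-hit scanner reports for the whole message."""
    return next((hits[0] for _, _, hits in results if hits), None)

def all_matches(results):
    """Every distinct detection, for statistics that should still count Klez."""
    names = []
    for _, _, hits in results:
        names += [h for h in hits if h not in names]
    return names

if __name__ == "__main__":
    results = scan_parts(build_sample())
    for index, ctype, hits in results:
        print(index, ctype, hits)
    print("reported:", first_match(results))
    print("all:", all_matches(results))
```

Counting from `all_matches` instead of `first_match` keeps daily Klez totals comparable after a rule that fires on an earlier part is added.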