Steffen Heil wrote:
> For example, I DO have dnsblacklists, helo string checking, mime checks,
> clsid extension checks, empty and too large boundary checks, verify
> sender domain and soon some callout-checks in front of clamav.
> However, some mail should get delivered and those should be checked,
> right?

The helo checks, blacklists and other sender/client checks are just generalisations for any type of junk email. They are not the ones that I was including in that assessment.

The main types of checks that should be done are regarding the composition of the emails. For example, the ones you mention above, clsid and boundary checks, will stop a proportional amount of virus mails from getting any further. Then there are others, like iframe, executable extensions, certain aspects of html content, excessive header line lengths, to name but a few.

A lot of the virus emails, as well as containing the viruses themselves, also rely upon exploits or failings in the targeted MUA software to actually execute or mask the content until it is executed. That is why there is such a raft of 'mime sanitising' programmes available, Anomy and MimeDefang being prime examples.

The scripts I use are homemade, building up gradually (over the last few months) in finesse and precision. It isn't perfect, granted, but it is getting closer. The few it does tend to miss due to exploits or invalid/dubious composition are then subjected to virus scanning.

It literally boils down to the fact that if some content/composition in an email is not encountered in legitimate emails, then the assumption of its contents not being legitimate and safe is ninety-something percent.

Any type of defensive system is built upon layers. The order of the layers is down to personal preference, but there should always be a minimum of two layers of defense for any given attack vector.

(If my posts get any longer, they'll be in pocket book format soon :)

All the best,
Matt

_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
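
The composition checks named in the message above (clsid extensions, boundary sanity, iframe, executable extensions, header line length), sketched as an added example; it is not Matt's script and not part of the original post. The extension list, the finding names and the sample message are assumptions constructed for illustration; the 998 and 70 limits are the line and boundary lengths from RFC 5322 and RFC 2046.

```python
import email
import re

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")  # assumed list
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
MAX_LINE = 998      # RFC 5322: maximum line length, excluding CRLF
MAX_BOUNDARY = 70   # RFC 2046: maximum boundary length

def composition_findings(raw):
    """Return composition anomalies found in a raw RFC 822 message (bytes)."""
    findings = []
    # Header block = everything before the first blank line.
    head = raw.split(b"\r\n\r\n", 1)[0].split(b"\n\n", 1)[0]
    if any(len(line.rstrip(b"\r")) > MAX_LINE for line in head.split(b"\n")):
        findings.append("long-header-line")
    for part in email.message_from_bytes(raw).walk():
        if part.get_content_maintype() == "multipart":
            boundary = part.get_boundary()
            if not boundary:
                findings.append("empty-boundary")
            elif len(boundary) > MAX_BOUNDARY:
                findings.append("oversize-boundary")
            continue
        name = (part.get_filename() or "").strip().lower()
        if CLSID_RE.search(name):
            findings.append("clsid-extension")   # real type hidden behind a CLSID
        elif name.endswith(EXEC_EXT):
            findings.append("executable-extension")
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            if re.search(rb"<\s*iframe\b", body, re.I):
                findings.append("iframe")
    return findings

SAMPLE = (  # constructed message, not real traffic
    b"From: a@example.com\r\nSubject: test\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/html\r\n\r\n"
    b'<html><IFRAME src="http://example.com/"></IFRAME></html>\r\n'
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b"Content-Disposition: attachment;"
    b' filename="notes.txt.{00000000-0000-0000-0000-000000000000}"\r\n\r\n'
    b"data\r\n--b1--\r\n"
)

if __name__ == "__main__":
    print(composition_findings(SAMPLE))
```

A message with any finding would be rejected or quarantined at this layer; anything that passes still goes on to the virus scanner, which is the second layer the message describes.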