Jan Pieter Cornet wrote:
I believe it's way easier to do the opposite: list only viruses that do NOT fake the sender. The only ones you'd expect to find in email are things like eicar, joke and macro viruses.
I just check for a small list (Mimail, Sober, etc.), plus anything that starts with "Worm." or contains "@mm". @MM is used by Norton, McAfee and others to indicate a worm that does its own mass mailing. Yeah, the criteria are slightly different -- it's looking for self-mailers and worms rather than specifically self-mailers that forge the sender -- but it does the job here.
-- Kelson Vibber SpeedGate Communications, <www.speed.net> _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
