Hi there,

On Sat, 2 Jun 2012, Cedric Knight wrote:

... far more links to malicious executables appear in mail
than do the actual executables themselves.

This was certainly true with the Storm/Dorf botnet, but I think the
pendulum may have swung back.  I'm not sure how easy it is to
quantify the ratio exactly.

Easy enough grepping my mail logs.  Typically 150-200 mails rejected
per month because of malicious links and between zero and two because
of some sort of executable content.  Note that this is after rejection
by iptables/ipsets of approximately ten thousand connection attempts
daily from a list of roughly nine hundred million IP addresses.

... I can't see a cleanlist working.

Agreed - and I didn't suggest it.

I've tried rejecting all zipped EXEs in zipext.zmd and had complaints
within a few hours from legitimate senders ...

I told you, get used to it. :)  If it's so important I tell them to
lick a stamp.

Malware links are a different issue, and I think some of the .ndb
files you mention have sufficiently high false-positive rates that you
might not want to use them unless that possibility is made clear to users.

Users get used to the idea that there are false positives.  They might
not like it, but they can get used to it.

... A good argument for a non-standard OS,

Well it's an interesting use of the term 'non-standard'.  :) It wasn't
so much an argument for a non-standard OS, as an argument against the
company which brought us "winmail.dat", and which, when one installs
one of its products, tells him straightway to rush out and get some
other product to protect it.  How would the user react if he bought a
washing machine, and the first thing it said in the instruction manual
was to go out and buy a tube of leak sealant?  How has the world let
itself be hoodwinked like this?  An entire flamin' *industry* built on
the openly acknowledged failings of a single manufacturer? </rant>

... reminding us that ... user education is important?

You do like making things difficult for yourself, don't you? :)
Important isn't the word, it's impossible.  They simply aren't
interested.  You might as well tell them to drink responsibly, or
respect the speed limits.  All technical problems are in the end
amenable to reason.  This isn't a technical problem, and it isn't
going to yield to reason.

--

73,
Ged.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
