Am Dienstag, 23. September 2003 23:48 schrieb Joel HATSCH: > > > of these fake Microsoft Update emails per day. > > > The single part MIME filter doesn't seem to catch it though. What
Just a note: Open Antivirus programs like clamav are not perfect, because the open virus database [1] is still too small... but for _sorting_ mail, clamav (it's in sid) is really good. It gives you X-Virus-Found: yes X-Virus-Status: ------------------------------------------------------------ Virus Scan Status: ------------------------------------------------------------ /tmp/07ae019a324f44ed/textportionKGUGaX: OK /tmp/07ae019a324f44ed/textportionOE5x4J: OK /tmp/07ae019a324f44ed/textportion4onCon: Worm.Gibe.F FOUND /tmp/07ae019a324f44ed/UPGRADE.exegbm4Ix.exe: Worm.Gibe.F FOUND in a mail with a virus if you use clamfilter [2], a single-file perl script, from procmail. Maybe clamfilter should be put into a package, it comes in handy. And... a mail with a positive virus recognition can be deleted without having to fear it's a false positive, against which a mail found to be Spam by Spamassassin may be a real mail. Clamav is growing, but doesn't recognize enough virii to protect an M$-System, but hey, my "Spam and Virii" folder, which I checked every day because of some false positives I got just became one Spam folder with low traffic and one Virii folder where mails are being marked read automatically and deleted after two months (food for spamassassin). Just walking through some Spam mails per day for real mails is really much easier than clicking through all those Worm mails. By the way, can anyone tell me why on a debian system the Spamassassin flag "MICROSOFT_EXECUTABLE" scores less than one point? A mail with a M$ EXE should really score 4.5 or so, because even if one of my friends sends me an EXE file on purpose, I would look for that in my Spam folder first ;) [1] http://www.openantivirus.org/ [2] http://www.everysoft.com/clamfilter.html -- Thomas Ritter "Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety." - Benjamin Franklin
