Don't underestimate clamav. Sure, it does not have 75,000 virii in its database, but it catches well over 98% of the viruses that cross my little ISP. (I run both NOD32 and ClamAV with MailScanner, so I see all the ones that NOD gets and ClamAV does not, which is _very_ few.) Plus, the ClamAV community seems to have reached something close to critical mass, insofar as, as quickly as I can find a new virus (Sobig.F, Gibe.F), I am often too late, as someone else has already submitted it and the database has been updated.

Mike

On Wed, Sep 24, 2003 at 01:54:42AM +0200, Thomas Ritter wrote:
> On Tuesday, 23 September 2003 23:48, Joel HATSCH wrote:
> > > > of these fake Microsoft Update emails per day.
> > > > The single part MIME filter doesn't seem to catch it though. What
>
> Just a note: Open Antivirus programs like clamav are not perfect, because the
> open virus database [1] is still too small... but for _sorting_ mail, clamav
> (it's in sid) is really good. It gives you
>
> X-Virus-Found: yes
> X-Virus-Status:
> ------------------------------------------------------------
> Virus Scan Status:
> ------------------------------------------------------------
> /tmp/07ae019a324f44ed/textportionKGUGaX: OK
> /tmp/07ae019a324f44ed/textportionOE5x4J: OK
> /tmp/07ae019a324f44ed/textportion4onCon: Worm.Gibe.F FOUND
> /tmp/07ae019a324f44ed/UPGRADE.exegbm4Ix.exe: Worm.Gibe.F FOUND
>
> in a mail with a virus if you use clamfilter [2], a single-file perl script,
> from procmail. Maybe clamfilter should be put into a package, it comes in
> handy.
>
> And... a mail with a positive virus recognition can be deleted without having
> to fear it's a false positive, against which a mail found to be Spam by
> Spamassassin may be a real mail. Clamav is growing, but doesn't recognize
> enough virii to protect an M$-System, but hey, my "Spam and Virii" folder,
> which I checked every day because of some false positives I got just became
> one Spam folder with low traffic and one Virii folder where mails are being
> marked read automatically and deleted after two months (food for
> spamassassin). Just walking through some Spam mails per day for real mails is
> really much easier than clicking through all those Worm mails.
>
> By the way, can anyone tell me why on a debian system the Spamassassin flag
> "MICROSOFT_EXECUTABLE" scores less than one point? A mail with a M$ EXE
> should really score 4.5 or so, because even if one of my friends sends me an
> EXE file on purpose, I would look for that in my Spam folder first ;)
>
> [1] http://www.openantivirus.org/
> [2] http://www.everysoft.com/clamfilter.html
>
> --
> Thomas Ritter
>
> "Those who would give up essential liberty, to purchase a little temporary
> safety, deserve neither liberty nor safety." - Benjamin Franklin

-- 
Michael Sullenszino     /---------------------------\
[EMAIL PROTECTED]       |    Powered By OpenBSD     |
                        |  http://www.openbsd.org   |
                        \---------------------------/
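
The sorting step described in the quoted message (filing mail on the X-Virus-Found / X-Virus-Status headers), as an added example that is not part of the original thread and is not clamfilter's own code. The function name `route`, the folder names and the sample message are hypothetical, and the sketch assumes the report lines are folded into the header with leading whitespace and that a duplicated header should not be trusted.

```python
import email
import re

# Result line of the scan report, e.g. "<path>: Worm.Gibe.F FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def route(raw_message):
    """Return (folder, sorted signature names) for one filtered message."""
    msg = email.message_from_string(raw_message)
    flags = msg.get_all("X-Virus-Found", [])
    reports = msg.get_all("X-Virus-Status", [])
    # More than one copy of either header means something besides the local
    # filter wrote it (for example the sender), so do not auto-file the mail.
    if len(flags) > 1 or len(reports) > 1:
        return "review", []
    sigs = set()
    for line in (reports[0] if reports else "").splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            sigs.add(m.group("sig"))
    flagged = bool(flags) and flags[0].strip().lower() == "yes"
    if flagged and sigs:
        return "virus", sorted(sigs)
    if flagged or sigs:
        # Flag and report disagree: keep for a human instead of deleting.
        return "review", sorted(sigs)
    return "inbox", []

# Constructed sample, modelled on the headers quoted in the post.
# Assumption: continuation lines of X-Virus-Status start with a space.
SAMPLE = """\
From: sender@example.com
Subject: constructed test message
X-Virus-Found: yes
X-Virus-Status:
 ------------------------------------------------------------
 Virus Scan Status:
 ------------------------------------------------------------
 /tmp/07ae019a324f44ed/textportionKGUGaX: OK
 /tmp/07ae019a324f44ed/textportion4onCon: Worm.Gibe.F FOUND
 /tmp/07ae019a324f44ed/UPGRADE.exegbm4Ix.exe: Worm.Gibe.F FOUND

body
"""

if __name__ == "__main__":
    print(route(SAMPLE))
```

Only mail that carries exactly one flag header and at least one matching FOUND line lands in the auto-expiring folder; anything inconsistent is held back for a manual look.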