[SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas)

2002-03-09 Thread Daniel Pittman
On Sat, 09 Mar 2002, Michael Shields wrote: > In article <[EMAIL PROTECTED]>, > Daniel Pittman <[EMAIL PROTECTED]> wrote: >> MIMEdefang does exactly >> what you want. It will strip away executable files and discard them >> completely for you -- perfect f

[SAtalk] Re: Catching virus distribution with SpamAssassin

2002-03-09 Thread Todd Martin
Take a look at MailScanner (http://www.mailscanner.info). It is meant to be the interface between sendmail or Exim and a commercial command line virus scanner. But wait...there's more 8-) It also has an attachment manager so you can filter out .exe files (and any/all the other popular virus-cre

[SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas)

2002-03-09 Thread Michael Shields
In article <[EMAIL PROTECTED]>, Daniel Pittman <[EMAIL PROTECTED]> wrote: > MIMEdefang does exactly what > you want. It will strip away executable files and discard them > completely for you -- perfect filtering of the "junk" you get. It looks like MIME

RE: [SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas)

2002-03-08 Thread Rose, Bobby
2002 5:43 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas) On Fri, 08 Mar 2002, Rob McMillin wrote: > Matt Sergeant wrote: > >>>If you use a secure mailer, then viruses are not a threat, nothing >>>but

[SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas)

2002-03-08 Thread Daniel Pittman
On Fri, 08 Mar 2002, Rob McMillin wrote: > Matt Sergeant wrote: > >>>If you use a secure mailer, then viruses are not a threat, nothing >>>but more junk. I don't see any reason not to consider them spam. >> >>They are junk, but not UCE. >> >>How would you, for example, propose to catch a polymorp

[SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas)

2002-03-08 Thread Daniel Pittman
On Fri, 08 Mar 2002, Michael Shields wrote: > In article <[EMAIL PROTECTED]>, > Daniel Pittman <[EMAIL PROTECTED]> wrote: >>> Low-hanging fruit, though it's out of date these days, catch >>> the snowhite virus since it's there: >>> >>> header SNOWWHITE_VIRUS Subject =~ /Snowwhite.*REAL st

Re: [SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas)

2002-03-08 Thread Duncan Findlay
On Fri, Mar 08, 2002 at 05:07:34PM +, Matt Sergeant wrote: > On Fri, 8 Mar 2002, Michael Shields wrote: > > > > How would you, for example, propose to catch a polymorphic executable > > > virus? Our code catches these using a disassembler and examining the code > > > to see if it tries to do

Re: [SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas)

2002-03-08 Thread Matt Sergeant
On Fri, 8 Mar 2002, Michael Shields wrote: > > How would you, for example, propose to catch a polymorphic executable > > virus? Our code catches these using a disassembler and examining the code > > to see if it tries to do something malicious. > > I don't really care what the code is trying to d

AW: [SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas)

2002-03-08 Thread Martin Bene
Hi Michael > > How would you, for example, propose to catch a polymorphic > executable > > virus? Our code catches these using a disassembler and > examining the code > > to see if it tries to do something malicious. > > I don't really care what the code is trying to do. I would be happy > to

Re: [SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas)

2002-03-08 Thread Rob McMillin
Matt Sergeant wrote: >>If you use a secure mailer, then viruses are not a threat, nothing but >>more junk. I don't see any reason not to consider them spam. >> > >They are junk, but not UCE. > >How would you, for example, propose to catch a polymorphic executable >virus? Our code catches these u

Re: [SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas)

2002-03-08 Thread Michael Shields
> How would you, for example, propose to catch a polymorphic executable > virus? Our code catches these using a disassembler and examining the code > to see if it tries to do something malicious. I don't really care what the code is trying to do. I would be happy to discard all executables. Eve

Re: [SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas)

2002-03-08 Thread Matt Sergeant
On Fri, 8 Mar 2002, Michael Shields wrote: > In article <[EMAIL PROTECTED]>, > Daniel Pittman <[EMAIL PROTECTED]> wrote: > >> Low-hanging fruit, though it's out of date these days, catch > >> the snowhite virus since it's there: > >> > >> header SNOWWHITE_VIRUS Subject =~ /Snowwhite.*REAL

[SAtalk] Re: Catching virus distribution with SpamAssassin (was Re: Misc. rule ideas)

2002-03-08 Thread Michael Shields
In article <[EMAIL PROTECTED]>, Daniel Pittman <[EMAIL PROTECTED]> wrote: >> Low-hanging fruit, though it's out of date these days, catch >> the snowhite virus since it's there: >> >> header SNOWWHITE_VIRUS Subject =~ /Snowwhite.*REAL story/ >> describe SNOWWHITE_VIRUS The snow whit