On Wed, Jan 30, 2002 at 08:25:56AM +1100, Daniel Pittman wrote:
| On Tue, 29 Jan 2002, dman wrote:
| > On Tue, Jan 29, 2002 at 02:58:56PM -0500, Mike Coughlan wrote:
| >
| >| > Has anybody created a rule for the MyParty virus? It is trapped by
| >| > our virus scanner, but it would be nice to have a rule in SA to
| >| > catch it.
| >
| >| Maybe this is an old philpsophical debate, but I'd be afraid of code
| >| bloat in catching all mail viruses on top of spam.
| >
| > True, but I suppose this time you can add the definition of 'spam' to
| > the argument list. On the one had, virii are "unsolicited junk mail".
| >
| > My view on this (here, now) is :
| > If it is trivially easy to flag the virus within the existing SA
| > framework, why not?
|
| When did you last look at the size of the published virus database from
| one of the big vendors?
A long time ago. I think the NAV updates aren't free anyways (which
is what I used to have at work) so I didn't see much even then.
| Now, if you catch one virus, you can catch two. Once two, why not three?
|
| Where do you stop? When?
When that virus isn't popular any more :-).
| It's hard enough to find spam. Adding a second target to the mix
| makes it slower, harder to manage and less useful to people.
Are you referring to the processing (CPU, etc) time that SA takes?
Certainly more and more rules will consume more and more resources.
It would also require resources to run a "real" virus scanner too.
Perhaps, if the rules are included at all, they should default to off.
Perhaps they should be available in a separate virus-specific rule
list (file) for people to try if they are so inclined. Just some
thoughts ...
| > Just three more lines in the config file, and easy enough for users to
| > turn on/off. (you can also argue - then add it to my own configuration
| > - and that is valid too)
|
| ...or you can distribute a ruleset that does match whatever subset of
| possible Windows virus distributions you wish. See how many people use
| it.
|
| Then come back and tell us that ten thousand people depend on it and I
| will happily admit to being wrong about it. ;)
:-)
Like I said (and you qouted) : I can add it to my own config easily
enough. My intent, as I mentioned in the last post (a few seconds
ago), is simply to reduce the annoyance and clutter they cause. They
can't harm my system at all aside from resource consumption in
delivery.
| Besides, why not block it with the content filtering rules of your MTA?
Like disallowing all VBS attachments? Hmm, I could do that, I
suppose, if I RTFM :-).
-D
--
Many are the plans in a man's heart,
but it is the Lord's purpose that prevails.
Proverbs 19:21
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
