On Fri, 8 Mar 2002, Michael Shields wrote: > > How would you, for example, propose to catch a polymorphic executable > > virus? Our code catches these using a disassembler and examining the code > > to see if it tries to do something malicious. > > I don't really care what the code is trying to do. I would be happy > to discard all executables. Every single one I receive is junk.
I totally understand your wishing to have this feature in your mail processing setup. I'm not arguing against that. But I don't see it's place in SpamAssassin because we simply can't react fast enough to viruses without proper heuristic scanning. So we end up on a slippery slope with rules/20_viruses.rc, which contains a bazillion special cases for every single damn virus out there in the wild (about 3000 of them). If you want to stop executables, put a rule in your local.cf checking for executable attachments and set the score to +100, but I suspect not everyone wants that. -- Matt. <:->get a SMart net</:-> ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
