On Fri, Mar 08, 2002 at 05:07:34PM +0000, Matt Sergeant wrote: > On Fri, 8 Mar 2002, Michael Shields wrote: > > > > How would you, for example, propose to catch a polymorphic executable > > > virus? Our code catches these using a disassembler and examining the code > > > to see if it tries to do something malicious. > > > > I don't really care what the code is trying to do. I would be happy > > to discard all executables. Every single one I receive is junk. > > I totally understand your wishing to have this feature in your mail > processing setup. I'm not arguing against that. But I don't see it's place > in SpamAssassin because we simply can't react fast enough to viruses > without proper heuristic scanning. So we end up on a slippery slope with > rules/20_viruses.rc, which contains a bazillion special cases for every > single damn virus out there in the wild (about 3000 of them). > > If you want to stop executables, put a rule in your local.cf checking > for executable attachments and set the score to +100, but I suspect not > everyone wants that. >
Perhaps if someone creates 20_virii.rc it could be put in the contrib directory (if that yet exists) -- Duncan Findlay _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
