From: Andy
Jezierski [mailto:[EMAIL PROTECTED]
Dr Robert Young <[EMAIL PROTECTED]> wrote on 07/28/2005 03:09:48 PM:
>> We had a very short spam come in (actually it had a virus attachment
>> named "updated-password.zip"). There is not much to grab onto
>>
[snip]
>Don't use SA for trapping viruses, get a virus scanner. ClamAV comes to mind.
Dr Robert Young <[EMAIL PROTECTED]> wrote on 07/28/2005 03:09:48 PM:
>> We had a very short spam come in (actually it had a virus attachment
>> named "updated-password.zip"). There is not much to grab onto
>>
[snip]
>Don't use SA for trapping viruses, get a virus scanner. ClamAV comes to mind.
I am not as adamant as Andy but generally agree
-- there is nothing really
"wrong" with SA if it works for this BUT it is
likely using a saw when you
need a drill or some such analogy.
<grin>
ClamAV (free for both Linux-Posix or Windows)
and the ALMOST free
FProtect are good choices for Virus
scanning.
Many email servers have there own rules but
mostly these are good for
just stopping the .exe, .cmd, .pif, .scr, etc
(I have a long list if anyone
needs it.)
For that great variety of virus Zip names the
best method seems to be the
virus scanner AND this lets you still send
legitimate zip files if you wish
without having to block them all.
For the purely executable extensions I do block them since Outlook and
For the purely executable extensions I do block them since Outlook and
Outlook Express generally do that anyway they
are pretty worthless to
our users -- better to just force everyone to
compress or zip if they
have a legitimate reason to send
executables.
Herb Martin
[EMAIL PROTECTED] http://LearnQuick.Com
Accelerated MCSE in a
Week Seminars
Sent: Thursday, July 28, 2005 3:13 PM
To: users@spamassassin.apache.org
Subject: Re: Trying to id spam
Andy
