On Thu, 28 Jul 2005, Rick Macdougall wrote:
> Dr Robert Young wrote:
>
> > We had a very short spam come in (actually it had a virus attachment
> > named "updated-password.zip"). There is not much to grab onto
[snip..]
> > attachment in the header/body of the email to ID this (see below).
> > Any thoughts on how to approach? Using SA 3.0.4 with Razor2 installed.
>
> How about running a virus scanner like clamav ?
ClamAV (and other virus scanners) work great for fully formed viri
but fail totally in the case of still-born (partial) viri.
It's not unusual to see messages sent by brain-damaged viri that
are incomplete or totally lacking in payload. ClamAV will not block
them as they don't fully match any signatures but they're still an
annoyance to people eventho harmless.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
