From: Charlie Summers <charlie(_at_)lofcom(_dot_)com>
At 11:58 AM -0500 12/8/01, Dallman Ross is rumored to have typed:
Well, George, my old virus snagger, originally suggested by Philip
Guenther two years ago, still works, and snagged your article
despite the attempted spoof.
Which implies to me, anyway, that the recipe DOESN'T "work," since
it "snagged" a perfectly innocent, non-viral message. A false positive
is worse than a false negative, since at least you're receiving all of
your innocent email and/or not driving people bonkers with incorrect
viral warnings (but then, since I have the sense not to use either
Microsoft applications or operating systems, I can afford to say
that).
I don't know that I agree. If you try with some effort to make
an email look like a virus, at some point on the slippery slope
the protective recipe is going to decide that it could be a
virus. I don't mind having a fairly loose test, because I don't
automatically trash the messages, and I'm not filtering others' mail.
If I were, then I'd tighten it. (I don't send out warnings
for having triggered that recipe, either.)
George, the original contributor to whom I responded, also has
a recipe that snags non-viruses, as he said. His would categorize
his own mail as a virus if not for the changing of "name" to
"namme" or some similar munge. I like mine better, for lots
of reasons. But if I start getting involved in extended discussions
about double-extensions and viruses, - which I haven't done before -
then, sure, I'd add some further testing to the recipe to forefend
false positives. I've nothing against that. I just haven't
needed it myself before now.
--
dman
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail