procmail

Re: virus recipe for MyDoom

2004-01-27 04:30:29
On Tue, Jan 27, 2004 at 10:54:48AM +0000, Nancy McGough wrote:


> Another option is to use one of the generic virus-snagging
> recipes that I have listed here:
>
>  <http://www.ii.com/internet/robots/procmail/qs/#viruses>
>
> I'm using Dallman Ross's Virus Snagger recipes and they are
> catching a lot right now. Does anyone know if they catch
> everything that's floating around right now? Does NASTYEXT need
> to be expanded to catch everything in the latest onslaught?

I haven't actually seen any live viruses in a couple of months,
because my ISP started blocking them at the SMTP-connection
phase (or maybe I just haven't gotten any of these, though I
used to get a lot of Swen, etc.); so I can't answer your
question with absolute definitiveness.  But I see no reason
why the Virus Snagger set wouldn't work on this; and I have
not received any email from users complaining that they do
not.  (And the downloads of my recipes continue at a steady
pace.)

NASTYEXT is a generic string that blocks what I consider to
be the most dangerous, most likely extensions, while
attempting to balance against blatant overreaction.  My
philosophy has never been to block every conceivable thing
in sight, but rather to manage risk and permit normal
communication.  (Otherwise we'd just have .forward set
to /dev/null, heh.) :-)  If individual users wish to
change or expand NASTYEXT, that is always an option.  That's
why I wrote the stuff modularly, in fact.  Personally, I
don't even stop EXEs, as I get valid ones in mail sometimes.
My own NASTYEXT looks like the one in the published files,
but with "exe" removed.

If someone using Virus Snaggers can state definitively
that it continues to work on new viruses, that would be
helpful.

Thanks, Nancy.

Dallman

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
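
An added illustration of the modular extension list discussed in the message above, written in Python rather than procmail; it is not taken from the post or from the Virus Snagger recipes. The contents of `NASTYEXT` (apart from "exe", which the message says is in the published list), the function names, and the sample messages are all assumptions constructed for this example.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Assumed list: the message only confirms that the published NASTYEXT
# contains "exe"; the other entries are illustrative.
NASTYEXT = frozenset({"bat", "com", "exe", "pif", "scr", "vbs"})


def attachment_names(msg):
    """Yield the declared filename of every MIME part that has one."""
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename=, then falls
        # back to the Content-Type name= parameter.
        name = part.get_filename()
        if name:
            yield name


def nasty_attachments(msg, blocked=NASTYEXT):
    """Return attachment filenames whose final extension is blocked."""
    hits = []
    for name in attachment_names(msg):
        # Judge only the last extension, case-insensitively, and ignore
        # trailing dots or spaces: "Report.TXT.SCR" is treated as "scr".
        _, dot, ext = name.rstrip(". ").rpartition(".")
        if dot and ext.lower() in blocked:
            hits.append(name)
    return hits


def build_sample(*filenames):
    """Build a constructed test message and parse it back from bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fn in filenames:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=fn)
    return message_from_bytes(msg.as_bytes())


if __name__ == "__main__":
    mail = build_sample("notes.pdf", "Report.TXT.SCR", "setup.exe")
    print("published-style list:", nasty_attachments(mail))
    # A per-user list with "exe" removed, as the message describes.
    print("without exe:", nasty_attachments(mail, NASTYEXT - {"exe"}))
```

Passing a different `blocked` set is the per-user adjustment the message describes: the matching logic stays the same and only the list changes.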
