On Wed, Feb 25, 2004 at 05:03:07PM +0100, Robert Allerstorfer wrote:
> OK, I see what purpose you have in mind. There is yet another procmail
> recipe which seems to do a great job as well, catching all those nasty
> known viruses currently spreading around, including NetSky.B, here:
> http://agriroot.aua.gr/~nikant/nkvir-rc

Yes. Nick comes by here not infrequently. I think his stuff is
fine, though I've never actually run it. I'm sure he'll enjoy
that you pointed out the link.

I do my own extensive spam tests under the philosophy of my own
heuristics, and the ones Nick runs in that same file are redundant
for me. There are some things I admire in his presentation there.
I don't want to put the kitchen sink all in one package, though.
Moreover, my ideas about How To Do It are, well, just different.
So go ahead and use his stuff, I won't resent it at all, nor will
I think you're making a huge mistake or something. :-) I do
think all those scored body checks on all messages is rather a
bit of overhead of the type that I tried very hard to avoid for
most messages in mine (both in my published plug-in and in my
private spam runs).

One question I do have, looking briefly at that file of Nick's
again, is whether such short viral-signature regex's aren't
veering toward possible false-pozzes. Base64 encodes 3 bytes
into 4. Some of the patterns are pretty damn short, so perhaps
as few as 12 bytes of binary data is used to ID the virus. This
is true of at least one permutation of the signature set I use,
too, though I'm only running it on ZIPs. I don't know what the
false-poz rate would be to that. Maybe not high, but I'm just not
prepared to make a conclusion about it.
Dallman
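
The base64 arithmetic raised in the message above, as an added example that is not part of the original post or of either recipe file: it derives the base64 text a binary signature produces at each of the three byte alignments and estimates chance matches. The signature bytes, function names and the uniform-randomness model are assumptions made for illustration.

```python
import base64

def b64_fragments(sig: bytes) -> list[str]:
    """Base64 text fully determined by `sig` at each of the 3 byte alignments."""
    frags = []
    for off in range(3):
        # Pad in front so the signature starts `off` bytes into a 3-byte group.
        enc = base64.b64encode(b"\x00" * off + sig).decode()
        start = (off * 8 + 5) // 6          # first char built only from sig bits
        end = ((off + len(sig)) * 8) // 6   # one past the last such char
        frags.append(enc[start:end])
    return frags

def expected_chance_hits(frag_len: int, corpus_chars: int) -> float:
    """Expected accidental matches, ASSUMING uniformly random base64 text.
    Real attachments are not uniform, so treat this as a lower bound."""
    positions = max(corpus_chars - frag_len + 1, 0)
    return positions * 64.0 ** -frag_len

def scan(mime_body: str, frags: list[str]) -> bool:
    """Search a base64 body after undoing MIME line wrapping (76 chars/line)."""
    flat = "".join(mime_body.split())
    return any(f in flat for f in frags)

# Constructed 12-byte stand-in signature (not taken from any real sample).
SIG = bytes.fromhex("a1b2c3d4e5f60718293a4b5c")

def demo():
    """Embed SIG at all three alignments, straddling a wrapped line break."""
    frags = b64_fragments(SIG)
    hits = []
    for pad in range(3):
        # Constructed payload: 54+pad filler bytes put SIG across byte 57,
        # which is where encodebytes() starts a new 76-character line.
        payload = bytes(range(40, 94 + pad)) + SIG + bytes(range(90, 120))
        body = base64.encodebytes(payload).decode()
        hits.append(scan(body, frags))
    return frags, hits

if __name__ == "__main__":
    frags, hits = demo()
    for f in frags:
        print(len(f), "chars =", 6 * len(f), "bits pinned:", f)
    print("found at every alignment:", hits)
    print("chance hits in 1e9 chars:", expected_chance_hits(15, 10**9))
```

Under the uniform model a 15-character fragment is effectively unique; the estimate says nothing about low-entropy signatures or structured file content, where repeated byte runs make short patterns far more likely to recur.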