
Re[4]: Virus scanning and defense-in-depth

2004-02-29 15:25:23
On Sun, 29 Feb 2004, 14:26 GMT-07 (22:26 local time) LuKreme wrote:

> In <http://www.softlabs.info/antivirus/SoftlabsAV-0.1/ReadMe.txt> you
> say:
>
>    sed --version
>
>    This should give something like 'GNU sed version 4.0.8'.
>
> This command only works, of course, if your sed is gsed (GNU sed).  I
> do not know of a way to get a version from sed.

Thanks for pointing that out. I have removed the sed-version-related
info from the ReadMe that will be included in my next release.
The version does not matter, anyway - I only use sed once in my
AntiVirus recipe, in the form

sed -ne '1 p'

to only return the first line of the output from

zipinfo -1 $ZIPFILE

> Looking over your readme it appears that executables (.exes) that are
> zipped are quarantined.  If this is correct it's going to make the
> recipe painful for a lot of people.  For example, the majority of .zips
> I get are .exe files.  Other things tend to come in as .rar .tgz or
> .tar (or, more rarely, .tbz).

Yes, zipped executables having one of the BAD_EXT extensions are
quarantined *if* the mail's size is between approx. 10 KB and 1 MB
*and* if the executable is the first file within the .zip (it must not
be inside a directory to be treated as a virus). To minimize
false-positive results, I can enhance the check in a future release to
require that the executable's base name match the zip's base name. For
example, if an attachment with the name 'attach2.zip' contains
'attach2.doc.com', the mail will be caught, but if it contains
'anothername.com', it won't.

"Bad" executables will only be caught if they are inside a .zip, not
in any other archive, since this is the only archive format in which
viruses have been reaching me, so far.

> I have no problem with zipped exe files.  If someone is stupid enough
> to open an unknown zip file and then run the unknown file inside it...
> well, they deserve what they get.  There are no tools to deal with that
> level of wilful stupidity.

I don't want to receive virus-like exes in zips. Before I installed
my AntiVirus filter, I received a lot of .exe viruses inside
zips, and now I have got rid of them :-) I can still check whether there
is some good mail in the ZIP.exe.virus file residing in the Quarantine
directory, but, so far, in fact there have only been viruses inside.

> One other note, your package includes a /etc/procmailrc.  In my opinion
> this is bad form.  You should have a /etc/softlabs.rc and have
> instructions to INCLUDERC this file in the /etc/procmailrc.  Just my
> opinion.

I agree that it is bad practice to overwrite an existing
/etc/procmailrc file, but my ReadMe recommends using the shipped one
*only if* the target system does *not* already have one:

"If there does not yet reside a '/etc/procmailrc' on your server, use
the shipped one; otherwise, be sure to copy the essential parts of the
shipped '/etc/procmailrc' into your own one."

Thanks for your feedback, it's appreciated!

best,
rob.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
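The classification rule rob describes above (first entry of the `zipinfo -1` listing only, rejected if it sits inside a directory, extension checked against BAD_EXT, size window, and the proposed base-name match) can be written out as a small shell script so the false-positive behaviour is easy to see. This is an added example for this archive page, not code from SoftlabsAV or from the thread. Assumed, because the page does not give them: the BAD_EXT list, byte units for the size window, and that "base name" means everything before the first dot (as in 'attach2.doc.com' -> 'attach2').

```sh
#!/bin/sh
# Added example (not SoftlabsAV's recipe): the rule described in the reply,
# applied to a `zipinfo -1` listing. Assumptions, not from the page: the
# BAD_EXT list below, byte units for the size window, and that "base name"
# means the part of the name before the first dot.
BAD_EXT='exe|com|scr|pif|bat|vbs'

# Mail size window from the post: roughly 10 KB to 1 MB.
size_in_window() {
    if [ "$1" -ge 10240 ] && [ "$1" -le 1048576 ]; then
        return 0
    fi
    return 1
}

# $1 = output of `zipinfo -1 $ZIPFILE` (one entry per line).
# Only the first entry is considered, exactly as `sed -ne '1 p'` does in
# the recipe. Prints "virus" when that entry is a top-level file whose
# extension is in BAD_EXT, "clean" otherwise.
classify_listing() {
    first=$(printf '%s\n' "$1" | sed -ne '1 p')
    case "$first" in
        */*) echo clean; return 0 ;;   # inside a directory: not treated as virus
    esac
    ext=$(printf '%s\n' "$first" | sed -ne 's/.*\.//p' | tr 'A-Z' 'a-z')
    if printf '%s\n' "$ext" | grep -Eqx "$BAD_EXT"; then
        echo virus
    else
        echo clean
    fi
}

# The proposed refinement: additionally require that the executable's base
# name match the zip's base name. $1 = listing, $2 = attachment file name.
classify_strict() {
    first=$(printf '%s\n' "$1" | sed -ne '1 p')
    zipbase=${2%.*}        # attach2.zip      -> attach2
    filebase=${first%%.*}  # attach2.doc.com  -> attach2
    if [ "$(classify_listing "$1")" = virus ] && [ "$filebase" = "$zipbase" ]; then
        echo virus
    else
        echo clean
    fi
}

# Constructed sample listings, shaped like zipinfo -1 output.
classify_listing 'attach2.doc.com'                        # virus
classify_listing "$(printf 'docs/setup.exe\nREADME')"     # clean (in a directory)
classify_listing "$(printf 'report.pdf\nvirus.exe')"      # clean (only the first entry counts)
classify_strict 'anothername.com' attach2.zip             # clean (base names differ)
```

Note the last two cases: a .zip whose first entry is harmless is never quarantined even if a later entry is an executable, and the base-name refinement lets 'anothername.com' through. Both are exactly the trade-offs the reply describes; in the real recipe the size window is what procmail's `* > 10000` / `* < 1000000` conditions enforce before the listing is ever looked at.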
