Re: antivirus recommendation?
On Fri, 21 Nov 2003 at 18:27 GMT, Derrick 'dman' Hudson penned:
> On Fri, 21 Nov 2003 14:10:16 +0100, Arnt Karlsen wrote:
>> On Thu, 20 Nov 2003 17:14:41 -0700, "Monique Y. Herman"
>> <firstname.lastname@example.org> wrote in message
>>> On Thu, 20 Nov 2003 at 21:12 GMT, Arnt Karlsen penned:
>>> > ..other wintendo compiler and virus signatures, anyone?
> Be aware that this is incomplete and could also yield false positives.
> Just suppose, for a dumb off-the-top-of-my-head example, I send a file
> to you named "shell.commands". You'll reject it as being an MS
> executable. That's the false positive portion. You need to anchor
> the pattern, according to MIME rules, but then you need lots of
> variation due to variations allowed in the MIME rules. Your list of
> extensions is also about 3 or 4 times as short as the more complete
> ones I've seen on the web. To be truly accurate, you need an actual
> MIME parser, not a regex here.
Hrm. I'm using the above line within tmda, and I'm pretty sure
(although not 100% sure) that, the way I use it, it only looks for lines
that *end* in those extensions. The rule is:
body 'filename\=.*\.(pif|scr|exe|bat|com|vbs)' drop
No, it's not perfect, but it works for most everything I've had to deal
Anyway, I didn't expect that I would be the only one to answer the
question ... I expected to see a lot of people chiming in, if only to
mention "you forgot extension .foo," etc. If you know of other
extensions that should be blocked, by all means, share them.
>> ..thanks Monique, that I guess leaves "other wintendo compiler
>> signatures, anyone?". ;-)
>> ..does anyone have a good guess which compiler was used compiling
> MSVC. (Microsoft Visual C / C++, aka Visual Studio) What else would
> a windows person use? (Ok, Borland perhaps. I wouldn't be surprised
> if that generated the same "this app needs windows, not dos" header)
PLEASE don't CC me. Please. Pretty please with sugar on top.
Whatever it takes, just don't CC me! I'm already subscribed!!
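
Added example, not part of the original message: the quoted rule applied as a line regex, next to a check that parses the MIME structure with Python's standard `email` package, on the "shell.commands" false positive from the thread and on an RFC 2231 encoded filename. The sample messages, addresses and function names are constructed for illustration, and running the rule over every raw line is an assumption about how it is applied.

```python
import re
from email import message_from_string

# The rule from the message, as a Python regex (unanchored).
BODY_RULE = re.compile(r'filename\=.*\.(pif|scr|exe|bat|com|vbs)')
BLOCKED = {"pif", "scr", "exe", "bat", "com", "vbs"}  # same list as the rule

def regex_verdict(raw):
    """True (drop) if any raw line matches the body rule."""
    return any(BODY_RULE.search(line) for line in raw.splitlines())

def mime_verdict(raw):
    """True (drop) if a MIME part's decoded filename has a blocked extension."""
    for part in message_from_string(raw).walk():
        # get_filename() handles quoting and RFC 2231 encoding/continuations
        name = part.get_filename()
        if name and "." in name and name.rsplit(".", 1)[1].lower() in BLOCKED:
            return True
    return False

def build(disposition):
    """Constructed two-part sample message with the given disposition header."""
    return (
        "From: a@example.org\nTo: b@example.org\nSubject: test\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="XX"\n\n'
        "--XX\nContent-Type: text/plain\n\nhello\n"
        "--XX\nContent-Type: application/octet-stream\n"
        f"{disposition}\n\nAAAA\n--XX--\n"
    )

SAMPLES = {
    # ".com" matches inside ".commands": the false positive from the thread
    "false_positive": build('Content-Disposition: attachment; filename="shell.commands"'),
    # RFC 2231 form: no literal "filename=" and the dot is percent-encoded
    "rfc2231": build("Content-Disposition: attachment; filename*=us-ascii''invoice%2Eexe"),
    # plain case both checks agree on
    "plain": build('Content-Disposition: attachment; filename="run.exe"'),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:15} regex={regex_verdict(raw)!s:5} mime={mime_verdict(raw)}")
```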