On Tue, 2002-05-14 at 19:31, Joseph Carter wrote:
> On Mon, May 13, 2002 at 07:56:00AM +1200, Matthew Grant wrote:
> > Does ScannerDaemon (that GPLed java daemon) detect all the Klez worms
> > reliably?  Or does its database need updating?  If clam AV is not
> > algorithmically at fault, then it means we can go ahead and package it.
> Frankly, it would be good if someone would add to the useful procmail
> recipes a filter to remove any executable attachments from an email
> outright or mark them as spam or delete them or something.  NOBODY should
> be emailing an executable.  A zip maybe, an image okay.  An executable,
> particularly a win32 executable is almost guaranteed to be a virus.

This is a FAQ for amavis, on why amavis doesn't support this.

While I don't agree with their reasoning, they say it gives a false
sense of security because it is too easy to hide a virus inside a virus
with the wrong MIME type or wrong extension (e.g. *.doc), and have it
still execute on a broken Windows machine.

Personally, I think any file that ends in an extension like *.exe, *.bat,
*.com, *.scr (and maybe even *.doc; but some people do send/receive
these files) is very suspicious, and even if you know the sender, the
chance exists that the files could have been tampered with (unless the
message is digitally signed with a known signature).

Brian May <bam@snoopy.apana.org.au>
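
Added example (not part of the original message, and not amavis or procmail code): a Python sketch of the attachment check discussed in this thread. It flags attachments by the extensions listed above and also by the "MZ" header that DOS/Windows executables start with, which catches the mislabelled *.doc case the amavis FAQ objects to. The function names and the sample message are constructed for illustration.

```python
import email
from email.message import EmailMessage

# Extensions named in the message above.
SUSPICIOUS_EXT = (".exe", ".bat", ".com", ".scr")

def classify_attachments(raw_bytes):
    """Return [(filename, [reasons])] for every flagged attachment."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None:          # body text, not an attachment
            continue
        payload = part.get_payload(decode=True) or b""
        reasons = []
        # Check 1: the file name, ignoring case and trailing spaces.
        if name.strip().lower().endswith(SUSPICIOUS_EXT):
            reasons.append("extension")
        # Check 2: the content. DOS and PE executables begin with "MZ",
        # whatever the file name or declared MIME type says.
        if payload[:2] == b"MZ":
            reasons.append("mz-header")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample():
    """Constructed test message: three attachments, two of them suspect."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    # Inert stub that only carries the MZ magic, labelled as a Word file.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application",
                       subtype="msword", filename="report.doc")
    msg.add_attachment(b"echo hello\r\n", maintype="application",
                       subtype="octet-stream", filename="SETUP.BAT")
    msg.add_attachment(b"\x89PNG\r\n\x1a\n", maintype="image",
                       subtype="png", filename="photo.png")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in classify_attachments(build_sample()):
        print(name, ",".join(reasons))
```

The extension check alone would pass report.doc; the content check alone would pass SETUP.BAT. Neither inspects archives or macro documents, so this supplements a virus scanner rather than replacing one.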

