[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Filter for W32/Swen@MM

On Sunday 21 September 2003 14:44, John Belmonte wrote:

> This is wishful thinking.  Don't you think its going to become common
> for a virus to make a random insignificant change to its payload to
> thwart this?

Oh absolutely :)

This is possibly OT for the 'mentors' list...  there are plenty of anti-virus 
checking packages already dedicated to this task. I do agree that systems 
like the 'qmail-scanner' being in Perl make them large and slow where a 
smaller solution is necessary...

I've been successfully using 'TrashScan' which is a single 150-line shell 
script that strips off MIME parts with 'uudeview' or 'metamail' and the calls 
'clamscan' (or the daemon version clamdscan if you like..) and is invoked by 
procmail. It means the processing overhead for each message is negligible. If 
you'd like to try it, it's part of the 'clam antivirus' distribution :)

Just trying to stop the wheel from being re-invented (again) ...


Reply to: