Re: Filter for W32/Swen@MM
On Sunday 21 September 2003 14:44, John Belmonte wrote:
> This is wishful thinking. Don't you think its going to become common
> for a virus to make a random insignificant change to its payload to
> thwart this?
Oh absolutely :)
This is possibly OT for the 'mentors' list... there are plenty of anti-virus
checking packages already dedicated to this task. I do agree that systems
like the 'qmail-scanner' being in Perl make them large and slow where a
smaller solution is necessary...
I've been successfully using 'TrashScan' which is a single 150-line shell
script that strips off MIME parts with 'uudeview' or 'metamail' and the calls
'clamscan' (or the daemon version clamdscan if you like..) and is invoked by
procmail. It means the processing overhead for each message is negligible. If
you'd like to try it, it's part of the 'clam antivirus' distribution :)
Just trying to stop the wheel from being re-invented (again) ...