Re: Filter for W32/Swen@MM

To: debian-mentors@lists.debian.org
Subject: Re: Filter for W32/Swen@MM
From: Gavin Hamill <gdh@acentral.co.uk>
Date: Sun, 21 Sep 2003 15:01:42 +0100
Message-id: <[🔎] 200309211501.42151.gdh@acentral.co.uk>
In-reply-to: <[🔎] 3F6DAB3E.1090102@prairienet.org>
References: <[🔎] 20030919150125.GG10604@foghorn.bartels-schoene.de> <[🔎] 20030921094729.GI5115@intranet.sambara.org> <[🔎] 3F6DAB3E.1090102@prairienet.org>

On Sunday 21 September 2003 14:44, John Belmonte wrote:

> This is wishful thinking.  Don't you think its going to become common
> for a virus to make a random insignificant change to its payload to
> thwart this?

Oh absolutely :)

This is possibly OT for the 'mentors' list...  there are plenty of anti-virus 
checking packages already dedicated to this task. I do agree that systems 
like the 'qmail-scanner' being in Perl make them large and slow where a 
smaller solution is necessary...

I've been successfully using 'TrashScan' which is a single 150-line shell 
script that strips off MIME parts with 'uudeview' or 'metamail' and the calls 
'clamscan' (or the daemon version clamdscan if you like..) and is invoked by 
procmail. It means the processing overhead for each message is negligible. If 
you'd like to try it, it's part of the 'clam antivirus' distribution :)

Just trying to stop the wheel from being re-invented (again) ...

Cheers,
Gavin.

Reply to:

References:
- [OT] Virus W32/Swen@MM spreading...
  - From: Thomas -Balu- Walter <debian@b-a-l-u.de>
- Re: Filter for W32/Swen@MM
  - From: Ismael Valladolid Torres <ismael@sambara.org>
- Re: Filter for W32/Swen@MM
  - From: John Belmonte <jvb@prairienet.org>

Prev by Date: Re: Filter for W32/Swen@MM
Next by Date: How to handle config file that has changed names
Previous by thread: Re: Filter for W32/Swen@MM
Next by thread: Re: Filter for W32/Swen@MM
Index(es):
- Date
- Thread