Re: Simple e-mail virus scanner
Kjetil Kjernsmo wrote:
> I guess I'm not really looking for a "security solution", but I guess
> you folks are the most likely to know, so I try here...
>
> In the last couple of hours, I've got about 25 100KB of the recent
> Sobig.f M$ virus, along with about the same number of bogus "there was
> a virus in an e-mail you sent". It would be really great to be able to
> filter those out so that I don't need to see them, that is, get them in
> a folder I can clean out now and then.
>
> But I don't want to run a full-scale virus scanner, because for the time
> being, I really don't need any, as no e-mail is read on an MS machine.
>
> I figured, most viruses should be able to detect by using simple regexs,
> right? So, a simple scanner that looks for a number of regexs available
> from a repository could do the trick...? Or perhaps use something like
> Vipul's Razor for this kind of stuff...?
>
> So, I'm wondering, does anybody know about any such approach?

You may just want to bite the bullet and install amavisd-new. Even
though you're not really worried about the viruses per se, it will
filter out the crap. If Sobig.F is any indication, this may become more
desirable. You may even just want to install amavis without a virus
scanner (and just searching for banned filenames), if an AV program
imposes too much of a load on your system.

Amavis also is nice for catching executable files that are so common
with current worms (our install actually was catching Sobig.F this way
before the AV signatures were updated). If you're not reading email on
an MS machine, I'm guessing it's fairly rare for you to receive legit
emails with .pif, .exe, or .bat attachments.

The nice thing is, amavis will do a better job at catching the
attachments than some of the ad hoc methods discussed earlier (see the
config section on banned filenames). Another plus is that it can be
configured to SMTP reject the message, instead of accepting and then

ETN Systems Inc.
2125 1st Ave East
Hibbing MN 55746
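
The banned-filename check described in the reply above, sketched as an added example (not part of the original post and not amavisd-new's own code): it parses the MIME structure and lists attachments ending in .pif, .exe or .bat. The ban list, function names and sample messages are assumptions constructed for illustration.

```python
import re
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed ban list: only the three extensions named in the post.
BANNED_EXT = re.compile(r"\.(pif|exe|bat)$", re.IGNORECASE)

def banned_attachments(raw):
    """Return filenames of MIME parts that end in a banned extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads the Content-Disposition "filename" and falls
        # back to the Content-Type "name" parameter, so both are covered.
        name = part.get_filename()
        # Trailing dots and spaces are ignored so "x.exe." still matches.
        if name and BANNED_EXT.search(name.rstrip(". ")):
            hits.append(name)
    return hits

def sample(filename):
    """Constructed test message carrying one harmless attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed message whose attachment is named only via Content-Type.
NAME_ONLY = (
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/mixed; boundary="b1"\n\n'
    b"--b1\nContent-Type: text/plain\n\nhello\n"
    b'--b1\nContent-Type: application/octet-stream; name="DETAILS.PIF"\n'
    b"Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
)

if __name__ == "__main__":
    # Exit status 1 means "banned attachment found"; a delivery agent
    # can use it to file the message in a separate folder.
    found = banned_attachments(sys.stdin.buffer.read())
    print("\n".join(found))
    sys.exit(1 if found else 0)
```

Because the check works on parsed MIME parts rather than a regex over the raw text, it still matches when the filename appears only in the Content-Type header or differs in case.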