Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: RFC: virus handling
From: Casper Dik <casper () holland sun com>
Date: Tue, 03 Feb 2004 23:57:06 +0100





-----Original Message-----
From: Daniele Orlandi [mailto:daniele () orlandi com]



I use amavisd-new which has support for listing viruses/worms 
that fake
the sender's email address. Unfortunatelly the list is external to the
actual virus scanner and has to be updated manually.


Given that the majority of new viruses forge the sender's email address, I
think the reverse would make more sense -- have a list of viruses that
*don't* forge, and only send notifications for those.


Considering that virus scanners still operate using signatures,
it seems logical to include a flag for each specific virus so that
when it is recognized the virus software knows that they shouldn't
bother me.

(A, and yes, it is a lot of fun that those virus scanner vendors sell
*localized* versions of their software so I've now had them tell me in
more languages and character sets than I care to remember how bloody
incompetent they are.)


Casper

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]