[KLUG Members] Windows Virus Scanner (MyDoom)

Peter Buxton members@kalamazoolinux.org
Wed, 4 Feb 2004 21:37:18 -0500


On Wed, Feb 04, 2004 at 03:15:43PM -0500, Adam Williams was only escaped
   alone to tell thee:

> I did discover "noattach" however -
> http://freshmeat.net/projects/noattach/?topic_id=29 - simply rejects
> messages with dumb attachment types (.pif, .scr, etc...).

That is a neat idea. I was doing that for a while. But I need the
ability to detect Word viruses.

> And CLAM (free & Open Source) Anti-Virus gets to make the claim that
> it added the signature for MyDoom first, before those capitalist
> running dog services like MacFee (sp?), etc...

I recently installed CLAM AV at CARES. I was and am very impressed. It
is written in C and runs over Unix domain sockets for maximum speed and
minimum overhead. I thought I would have to install AMaViS to use it,
but no. Debian's exim4-daemon-heavy package comes with the Exiscan
patch, which extends Exim's native ACL controls. Exiscan demimes the
message and shoots it, once, to /var/run/clam.ctl, and CLAM returns its
virus finding.

After a bunch of reading, four lines installed the filter in Exim.

-- 
There's a lot of drinking in Iraq. But they could give lessons
to the Scots on grimness in drinking. -- Michael Kelly
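
The hand-off described in the message above (message sent once to the clamd Unix socket, verdict read back), as an added example that is not part of the original post and not Exiscan's code. It assumes clamd's INSTREAM command, which the post does not name; `fake_clamd`, its marker and the signature name are constructed so the example runs without a daemon.

```python
import socket
import struct
import threading

CLAMD_SOCKET = "/var/run/clam.ctl"  # socket path named in the post

def parse_reply(reply):
    """Map a clamd reply to (verdict, detail); unknown replies are errors."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    result = text.partition(": ")[2]
    if result == "OK":
        return ("clean", None)
    if result.endswith(" FOUND"):
        return ("infected", result[:-len(" FOUND")])
    return ("error", text)  # caller should defer the mail, not accept it

def scan_stream(sock, data, chunk_size=4096):
    """Send data once over a connected socket using INSTREAM framing."""
    sock.sendall(b"zINSTREAM\0")
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        sock.sendall(struct.pack("!I", len(chunk)) + chunk)
    sock.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:
            break
        reply += part
    return parse_reply(reply)

def fake_clamd(conn, marker=b"CONSTRUCTED-TEST-MARKER"):
    """Constructed stand-in for clamd so the example runs offline."""
    with conn, conn.makefile("rb") as f:
        assert f.read(10) == b"zINSTREAM\0"
        body = b""
        while (n := struct.unpack("!I", f.read(4))[0]) != 0:
            body += f.read(n)
        conn.sendall(b"stream: Constructed.Sig FOUND\0" if marker in body else b"stream: OK\0")

def scan_via_stub(data):
    """Scan against the stub; a real client connects AF_UNIX to CLAMD_SOCKET."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_clamd, args=(server,))
    worker.start()
    try:
        return scan_stream(client, data)
    finally:
        client.close()
        worker.join()
```

Any reply that is neither OK nor FOUND is returned as an error so the mail server can defer the message instead of accepting it unscanned.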