[pmmail-list] SirCam Virus Filtering Update

Maynard pmmail-list@blueprintsoftwareworks.com
Sun, 05 Aug 2001 15:51:19 -0500 (CDT)


On Sun, 05 Aug 2001 12:40:54 -0700 (PDT), Kris Sorem Sr wrote:

>Size and double
>extension seem to be most reliable indicators. Everything else is iffy
>since ordinary messages could contain the text strings.

Size is also iffy of course. One option would be to stop all executable
attachments, including .DOC, and tell users that if they want to
receive such things, to get them into .ZIP first.

But again, even though size, text, even double extensions, could all
happen in different genuine messages, the combination of them all in a
way which trips your current SirCam filter would be pretty doubtful.
I'd be extremely surprised if you got any false positives, particularly
if processing could be added to detect the double extension.

	`~Maynard
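
The reasoning in this message, that each indicator alone can occur in genuine mail but all of them together rarely will, sketched as an added example (not code from the list or from PMMail). The extension lists, size threshold and marker phrase are constructed stand-ins, since the thread does not give the filter's actual values.

```python
from email.message import EmailMessage

# All values below are assumptions for illustration; the thread gives none.
EXEC_EXTS = {"pif", "lnk", "bat", "com", "exe"}
DATA_EXTS = {"doc", "xls", "zip", "txt", "jpg"}
MARKERS = ("constructed marker phrase",)  # stand-in for the filter's text strings
MIN_BYTES = 100_000                       # stand-in size threshold


def has_double_extension(filename):
    """True for names like report.doc.pif: data extension, then executable one."""
    parts = (filename or "").lower().strip().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DATA_EXTS and parts[2] in EXEC_EXTS


def indicators(msg):
    """Return the set of indicators a parsed message trips."""
    hits = set()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if any(marker in text for marker in MARKERS):
        hits.add("text")
    for att in msg.iter_attachments():
        if len(att.get_payload(decode=True) or b"") >= MIN_BYTES:
            hits.add("size")
        if has_double_extension(att.get_filename()):
            hits.add("double_ext")
    return hits


def verdict(msg):
    """Quarantine only when every indicator fires together; otherwise deliver."""
    all_three = {"text", "size", "double_ext"}
    return "quarantine" if indicators(msg) == all_three else "deliver"


def build(body, filename, size):
    """Construct a sample message (test data, not a captured mail)."""
    msg = EmailMessage()
    msg["Subject"] = "sample"
    msg.set_content(body)
    msg.add_attachment(b"\0" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg
```
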

- pmmail-list - The PMMail Discussion List ---------------------------