Slashdot Mirror


Can We Effectively Scan For E-Mail Viruses?

A couple of questions here, first from DavidBrown: "It occurs to me that with the recent virus/worm/whatever stories, maybe the solution to e-mail viruses isn't to go out and install on every desktop virus software that nobody likes to run - it slows you down, and doesn't feel 'natural'. Maybe we should screen for questionable macros and infected attachments at the ISP mail server level?" But before we screen, we first need effective filters, which is the subject of kevin42's question: "I've tried many different filters and strategies for reducing spam that comes into my domain. The problem is I still get a ton of spam, and when I look at what the filtering is catching it's only like 5% of all the spam. A search on freshmeat finds tons of apps and filters, but I've tried a few and none seem to work. Trying them all will take forever, so does anyone have experience with some that will actually work?"

David adds: "Yahoo mail seems to do this. Once a new virus is detected, ISPs can install new updates much faster than most users." ISPs are implementing this, just not fast enough for most people. Which ISPs (especially national ones) have hardened their systems against such viruses and, more importantly, who hasn't?

2 of 11 comments

  1. Looking in the wrong places by v4mpyr · Score: 3

    If you want a security tool check SecurityFocus. They have all kinds of neat toys that actually work.


  2. Procmail trap by Brazilian+Geek · Score: 3

    I really don't know what the filter's name is, but I do know that it stops known files, mangles attachment extensions, mangles IMG tags and a whole other truckload of stuff. Best of all, it doesn't interfere with anything, but it depends on procmail, of course.

    Here's a link to the homepage.

    It is score based, runs really fast, sanitizes headers, HTML and MIME attachments - since it's based on the procmail ruleset, it can easily be adapted to your needs. It features external "poisoned" files (and extensions) that you can block off.

    I've been using it since 1.088 (I think) and I've had no bad things to say about it!

    --
    All browsers' default homepage should read: Don't Panic...
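
The filename checks described in the comment above (refusing known "poisoned" names and mangling risky attachment extensions at the mail server), as an added example in Python rather than procmail. It is not the filter's own code: the lists, the `DEFANGED-` renaming scheme and every function name are assumptions made for illustration.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage

# Constructed policy lists (assumptions, not the filter's real data files).
POISONED = {"readme.txt.pif"}            # exact names refused outright
MANGLE_EXTS = {".vbs", ".exe", ".scr", ".pif", ".bat"}

def attachment_names(msg):
    """Filenames of every MIME part that declares one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def sanitize(raw):
    """Return (verdict, message); verdict is 'quarantine', 'mangled' or 'clean'."""
    msg = message_from_bytes(raw)
    verdict = "clean"
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Drop any path and the trailing dots/spaces that Windows ignores,
        # so "x.vbs." is judged as "x.vbs".
        base = os.path.basename(name.replace("\\", "/")).rstrip(". ")
        if base.lower() in POISONED:
            return "quarantine", msg
        # splitext looks at the last extension only, which is the one the
        # desktop acts on in a double-extension name like "photo.jpg.vbs".
        stem, ext = os.path.splitext(base)
        if ext.lower() in MANGLE_EXTS:
            safe = f"{stem}.DEFANGED-{ext[1:]}"
            # Rewrite both places a mail client may read the name from.
            if part.get("Content-Disposition"):
                part.set_param("filename", safe, header="Content-Disposition")
            if part.get_param("name") is not None:
                part.set_param("name", safe)
            verdict = "mangled"
    return verdict, msg

def build_sample(filename):
    """Constructed test message with one placeholder attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "sample"
    m.set_content("hello")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("notes.txt", "photo.jpg.VBS.", "readme.txt.pif"):
        verdict, msg = sanitize(build_sample(fn))
        print(fn, "->", verdict, attachment_names(msg))
```

A mangled attachment still reaches the recipient, who has to rename it deliberately before the desktop will treat it as executable; a quarantined message would be held for the administrator instead of delivered.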