From: Michael Tokarev (no email)
Date: Tue Oct 01 2002 - 09:25:18 EDT
Graham Hillstomer wrote:
> Hi!
>
> I am going way out on a string here but I would say it is better to use a virus scanner than header/body strings because as virus writers can use anything as a subject/body. Sure you can search for <iframe> and stop many viruses since <iframe> probably has no real purpose in ascii/rtf/html mail anyways.
Header/body checks serves very useful purpose too.
Sometimes it's far more easy to write simple blocking
regexp than to wait for av vendor to release an update
(for example, one variant of klez required to update
the whole av engine of one of av vendors - that wasn't
as simple as updating virus signatures). And also, think
about that same klez: using header/body checks (iframe
exploit), it becomes sending's side to deal with bounces
to fake addresses... Again, an "epidemia" of such
klez viruses may make your av scanner (and thus mailserver)
just unable to handle the load, while regexps (if done
right!) may help here alot.
/mjt
-
To unsubscribe, send mail to with content
(not subject): unsubscribe postfix-users
|
|
|