[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [vps-mail] Clamav and letting virus' through

Subject: RE: [vps-mail] Clamav and letting virus' through
From: "John Oligario" <joligario@xxxxxxxxxxxxxxx>
Date: Wed, 10 Mar 2004 10:45:30 -0500

Hi there,

I have not blocked files from the customers, as they want to have the option
of receiving exe's, etc.  Outlook blocks exe files automatically, unless you
know how to bypass it.  The email containing the pif came in from an unknown
source, and there is no way for me to know what is actually a valid or
invalid email address.

I agree, no one really needs to receive a PIF, but the customers are the
ones who pay the bills, so I must follow their wishes.  If they get infected
with a virus, then they either restore from backup or they pay me to do a
data recovery.  I have no problem in doing a data recovery, as that is what
my specialty is!  (recoverdata.com) 

ClamAV has found lots of virus, however the last few weeks it has been
failing, so perhaps something has changed on the servers (this actually
started when I installed spamassassin 2.63).

Now to talk about your other part of blocking items via spamassassin, has
anyone put together in generic format, a complete spamassassin file blocking
to use, which could be 'cloned' and then dropped into place for those of us
who do not know how to configure it properly?

Thanks!

John

-----Original Message-----
From: owner-vps-mail@xxxxxxxxxxxx [mailto:owner-vps-mail@xxxxxxxxxxxx] On
Behalf Of Sikaspam
Sent: Wednesday, March 10, 2004 10:29 AM
To: vps-mail@xxxxxxxxxxxx
Subject: Re: [vps-mail] Clamav and letting virus' through

John Oligario wrote:
> The file was your_website.pif with the w32.netsky.D@mm virus.
> 
> Last week another virus came through clamav, so is this an inherent 
> new trait with clamav?

John, this may be a stupid question I've been wanting to ask, but your
question lets me do it...

Does anyone really need to receive PIF files as attached to email? I'm not
even sure they're used much at all although they do still exist.

I am now blocking them and all EXE files (as detected by spamassassin
btw) on all our servers. I suppose someday someone might complain, but I'm
still waiting.

To get back to your query, clamav has found damn few viri on our VPS2 - I'm
wondering if it's even worth the CPU and hope some of you will comment on
that.
======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).

======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).

Follow-Ups:
- Re: [vps-mail] Clamav and letting virus' through
  - From: Scott Wiersdorf

References:
- Re: [vps-mail] Clamav and letting virus' through
  - From: Sikaspam

Prev by Date: Re: [vps-mail] Clamav and letting virus' through
Next by Date: Re: [vps-mail] Clamav and letting virus' through
Previous by thread: Re: [vps-mail] Clamav and letting virus' through
Next by thread: Re: [vps-mail] Clamav and letting virus' through
Index(es):
- Date
- Thread

Main Index | Thread Index