[Esa-l]Re: Sircam virus filter

David Collantes david at bus.ucf.edu
Thu Aug 2 08:54:31 PDT 2001

On 02/08/01 at 9:19am, Juan Manuel Calvo wrote:

|> > I have found a very simple solution to the Sircam problem. Your
|> > procmail sanitizer allows defang the attachment but the users
|> > receives the email.
|> Not if you poison *.bat *.pif *.lnk and *.com - is there really any
|> reason to be accepting these sort of attachments from random people
|> out on the Internet?
|I'm poisonig all executable extensions but Sircam fills the user
|some of my users get over a hundred infected messages overnight,
|mailbox strikes the quota and loose or delay more important messages.

How can SirCam fill up the user mailboxes if you are already poisoning all
executable extensions? That makes no sense. In spanish:

Como es posible que el SirCam este llenando las cuentas de sus usuarios si
usted ya tiene todos los ejecutables en su lista negra? No tiene sentido.

|> > I have added the following lines in my /etc/procmailrc BEFORE
|> > the sanitizer:
|> >
|> That's a signature-based defense. What if SirCam mutates a little?
|Your sanitizer will poison the attachment, my users will have to clean
|your mailboxes and loose some messages, and I'll have to change de
|signature, not a real danger.

I do not understand a bit of what you wrote above. In spanish: No entiendo
nada de lo que escribio anteriormente.


| David Collantes                || UCFBusiness, UCF, Orlando, FL   |
| Senior Systems Administrator   || Telephone: (407) 823-3418       |

More information about the esd-l mailing list