[Esd-l] How do I display Virus Names

John D. Hardin jhardin at impsec.org
Mon Jan 14 06:40:14 PST 2002


On Mon, 14 Jan 2002, Herbert Nkhoma wrote:

> I am new to the forum and I am writing from Malawi.

Welcome!

> I want sanitizer to say what virus it has caught as opposed to the
> poisoned file name. Is this possible? What configurations do I do?

To do that, there has to be a unique signature for the file attachment
or email that will identify the worm. We have collected such
information for a few of the common worms and made some rules that do
identify the worm - see the discussion of the local-rules scripts near
the bottom of the Configuration page.

Please note that the sanitizer is not signature-based (even though
we've made a few signature-based traps) - it does not try to identify
specific attacks; rather, it enforces a policy decision that
"bare executable file attachments are too dangerous to accept".

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Monty Python's Star Trek Voyager:
  A successful trans-warp experiment turns Paris and Janeway into
  newts, but they get better.
  ...wait a minute... It's already been done...
-----------------------------------------------------------------------
   5 days until Babylon 5: the Legend of the Rangers



More information about the esd-l mailing list