[Esa-l] Email Sanitizer hanging

Brett Glass brett at lariat.org
Wed Oct 25 21:01:40 PDT 2000


At 09:30 PM 10/25/2000, John D. Hardin wrote:

>Commercial antivirus tools are limited in that they generally use
>signatures of already-known attacks. My macro scanner takes the
>approach that there are some things no document has any business
>doing, such as messing about in the registry.

Actually, macros are the one place where commercial antivirus
tools do use heuristics, thanks to the early success of mutations
of the Concept virus. I do defang the Office document types, but
don't enable the scoring system within the filter kit; this
reduces mail server overhead. I find that macro viruses -- 
including new variants -- are pretty reliably caught by all 
of the major virus checkers because they've had to resort
to heuristics.

--Brett
