I have just started using Anomy and am finding it is attaching long logs
of changes to HTML messages when those messages are not, as far as I
know, a problem for me.
Other than the occasional HTML spam which has an HTML refresh command,
which causes my Netscape 4.77 Messenger to cause a browser page to
access the spammer's web site, I don't have any trouble with HTML
emails. This is probably because I disallow Javascript in email and
because I don't use MS Outlook (Express) or Eudora or any such mail
client which relies on MSIE to render HTML emails.
I am not sure if Anomy gets rid of such refresh commands as:
<HTML><p><head><p><META HTTP-EQUIV=3DRefresh CONTENT=3D"02;
URL=3Dhttp://w=
ww.seemorenudes.com/accounts/bonnie"><p></head>
I suppose I could be getting web bugs in HTML emails, but I am not
concerned.
So I would be happy to use Anomy just for detecting virus emails - by
searching for any attached file which looks executable and then by
"dropping" it, which involves shortening it greatly and adding a
distinctive message which my Maildrop filtering can then find, to turf
the thing into the virus pit, whilst also sending a copy of it, tagged
for deletion and with "[VIRIII]" added to the Subject line, to the Inbox.
http://www.firstpr.com.au/web-mail/Postfix-SA-Anomy-Maildrop/
I will be updating this page in the next few days after some experience
with the new setup, and to include improvements suggested by
Advosys.ca. Also, I want to investigate and note something I wrote to
the bugs list about: what to the (potentially dumb) user seems to be
Anomy failing to recognise file names with spaces as being executable.
name=CODE .bat
Maybe the resulting file really isn't executable, but the message is
still a 130 k virus file and it would be nice to automatically detect
it.
- Robin
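
Added example, not part of the original message and not Anomy's own code: a Python sketch of the two checks the post asks about, finding a META refresh in a quoted-printable HTML part and flagging an attachment name such as "CODE .bat" as executable. The extension list, the function names and the sample message (including its example.invalid URL) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Assumed extension list for illustration; not Anomy's configuration.
EXEC_EXT = (".bat", ".com", ".exe", ".pif", ".scr", ".vbs")
REFRESH = re.compile(
    r"<meta[^>]*http-equiv\s*=\s*[\"']?refresh[^>]*url\s*=\s*([^\"'>\s]+)",
    re.I | re.S)

def risky_name(name):
    # Strip whitespace and trailing dots: "CODE .bat" -> "code.bat".
    cleaned = re.sub(r"\s+", "", name or "").rstrip(".").lower()
    return cleaned.endswith(EXEC_EXT)

def scan(raw):
    findings = []
    for part in message_from_string(raw, policy=default).walk():
        if part.is_multipart():
            continue
        fname = part.get_filename()  # falls back to Content-Type name=
        if fname and risky_name(fname):
            findings.append(("executable-name", fname))
        if part.get_content_type() == "text/html":
            # get_content() undoes quoted-printable (=3D, soft "=" breaks)
            hit = REFRESH.search(part.get_content())
            if hit:
                findings.append(("meta-refresh", hit.group(1)))
    return findings

# Constructed sample message; the URL and attachment body are placeholders.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<HTML><head><META HTTP-EQUIV=3DRefresh CONTENT=3D"02; URL=3Dhttp://w=
ww.example.invalid/x"></head></HTML>
--b1
Content-Type: application/octet-stream; name="CODE .bat"
Content-Transfer-Encoding: base64

QUJD
--b1--
"""
print(scan(SAMPLE))
```

Matching on the decoded part rather than the raw text is what lets the refresh URL be found even though it is split across a soft line break.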