anomy-list

Re: Disabling everything except virus scanning?

From: Robin Whittle (57787@xyz.molar.is)
Date: Tue 22 Oct 2002 - 01:13:00 GMT

  • Next message: Andrew: "Re: Disabling everything except virus scanning?"

    I have just started using Anomy and am finding it is attaching long logs
    of changes to HTML messages when those messages are not, as far as I
    know, a problem for me.

    Other than the occasional HTML spam which has an HTML refresh command,
    which causes my Netscape 4.77 Messenger to cause a browser page to
    access the spammers web site, I don't have any trouble with HTML
    emails. This is probably because I disallow Javascript in email and
    because I don't use MS Outlook (Express) or Eudora or any such mail
    client which relies on MSIE to render HTML emails.

    I am not sure if Anomy gets rid of such refresh commands as:

       <HTML><p><head><p><META HTTP-EQUIV=3DRefresh CONTENT=3D"02;
       URL=3Dhttp://w=
       ww.seemorenudes.com/accounts/bonnie"><p></head>

    I suppose I could be getting web bugs in HTML emails, but I am not
    concerned.

    So I would be happy to use Anomy just for detecting virus emails - by
    searching for any attached file which looks executable and then by
    "dropping" it, which involves shortening it greatly and adding a
    distinctive message which my Maildrop filtering can then find, to turf
    the thing into the virus pit, whilst also sending a copy of it, tagged
    for deletion and with "[VIRIII] added to the Subject line, to the Inbox.

       http://www.firstpr.com.au/web-mail/Postfix-SA-Anomy-Maildrop/

    I will be updating this page in the next few days after some experience
    with the new setup, and to include improvements suggested by
    Advosys.ca. Also, I want to investigate and note something I wrote to
    the bugs list about: what to the (potentially dumb) user seems to be
    Anomy failing to recognise file names with spaces as being executable.

        name=CODE .bat

    Maybe the resulting file really isn't executable, but the message is
    still a 130 k virus file and it would be nice to automatically detect
    it.

     - Robin



    hosted by molar.is