On Thu, Oct 09, 2003 at 01:11:27PM -0700, Richard Crawford wrote:
>
> I've missed most of this thread, but it seemed to me that the point is
> that viruses don't spread on Linux via e-mail/attachments, the way that,
> say, Klez or Blaster do. The mechanism of Slapper's spread (and the very
> few other worms that infect Linux/Unix hosts) is very, very different.
Precisely, and the means to combat slapper is not with ClamAV (or is
it?).
The OP was not clear what his ultimate objective was...
If he is protecting a standalone Linux system or *nix only network, he
probably does not need to worry about *viruses* ala the MS variety
infecting his *nix systems via email attachments. There are things to
worry about, but this is not one of them.
If he has a mixed network, and mail is moving through the Linux system
to MS systems, and he wants to protect MS systems, there are many,
many ways to do this. Procmail works fine, in fact. It is quite easy
to take an all or none approach with it and just delete mail as one
wishes. It is not so easy to discriminate legit exe type attachments
(is there such a thing?), from malicious such attachments. If that is
the need, then one of the AV packages might be in order. There are
procmail recipes around that ID the more common viruses:
## Microsoft support virus, W32/Gibe-F I think, 18/9/03
:0 B
* ^AGiEo0AAZKEAAAAAUGSJJQAAAABRUbhQFAAA6FSUAABTVleJZegz24ld/It9DIgfjYWs6///UGgA$
{ LOG="Virus W32/Gibe-F: "
:0
/dev/null
}
That one grabs some other viruses as well, apparently with borrowed code.
--
Hal Burgiss
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
