[Mimedefang] Virus statistics (was: One that the default filter missed...)

David F. Skoll dfs at roaringpenguin.com
Fri May 24 15:10:29 EDT 2002

On Fri, 24 May 2002, Michael D. Sofka wrote:

> I have also
> placed a copy of the report I prepared based on a few weeks of data
> gathering (viruses.pdf).

And you used pdfLaTeX to make it. :-)  Man after my own heart...

One question:  Why don't you just block all executables as in the
latest (2.12) sample filter?  I expect then that MD would have caught
99.9% of everything that was caught by Sophos.  Your point about .doc
and .xls is well taken; however, I think Word and Excel are not as
widely deployed as Windows itself (especially for home users), so such
viruses would propagate more slowly.

Is there a legitimate reason for allowing .pif/.exe/.scr/etc files
to travel by e-mail?

> Finally, you will note this is MIMEDefang 2.3.  Since upgrading will
> require a new compile of sendmail,

Actually, not really; MD 2.12 should still work fine with Sendmail
8.11, althought it's not recommended.

> I'm still waiting to read how CitiBank handles 1.5 million emails a day...

Me too.  You can bet your bottom dollar they don't exec a virus scanner
for each message.  I'm guessing they either filter based solely on
filename, or use a daemonized virus-scanner which stays resident.  And I
bet they use a cluster of machines.  Please let us know... :-)


More information about the MIMEDefang mailing list