[Mimedefang] patch to add blocking of encrypted email via uvscan
Lucas Albers
admin at cs.montana.edu
Tue Dec 9 12:30:38 EST 2003
We should add a patch in to allow admins to encypted archive blocking for
all supported virus scanners.
(Look here, I just supported a silly little patch for nai.)
Anyone have a patch for the other virus scanners?
Then when the virus shows up, we can click the red button to engage,
"Super Encryptiong blocking." in mimedefang.
That seems to be a proactive response.
--Luke
> On Tue, 9 Dec 2003 WBrown at e1b.org wrote:
>
>> It would slow the virus from propagating though, because it would have
>> to
>> encrypt each version sent separately.
>
> Encryption could be a problem. It is possible to write a polymorphic
> virus that has essentially no "signature". That is, it's possible to
> write a virus that mutates itself such that two different mutations
> have no pattern in common longer than a couple of bytes (and that's
> too short to trigger on without heaps of false-positives.)
>
> I'm somewhat surprised we haven't seen a virus kit that does this, but
> we probably will within the next few years.
>
> Regards,
>
> David.
> _______________________________________________
> Visit http://www.mimedefang.org and http://www.canit.ca
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>
More information about the MIMEDefang
mailing list