[Mimedefang] Handling different viruses: discard message vs. drop attachment
Lucas Albers
admin at cs.montana.edu
Wed Jan 28 20:16:17 EST 2004
Kelson Vibber said:
> But once upon a time there were viruses that attached themselves to legit
> messages (remember happy99?), and the best choice there is to remove the
> infected attachment and pass the rest of the message along.
>
> I know I'm not the only one who keeps a list of known mass-mailers in order to
> decide whether to discard the attachment or the whole message. But I have
> to keep updating that list, and I have to wonder: is it worth making this
> distinction anymore?
Here is an easier solution.
Make a SHA hash of the attachment, and only save one copy of it.
So if you have already saved a copy of the virus you won't save any more.
If the virus has user data, it will also save a copy, as the SHA hash will
be different.
No effort on your part with keeping track of different types of viruses.
--Luke Computer Science System Administrator
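
The scheme described in the reply above, as an added example that is not part of the original post and is not MIMEDefang filter code: a content-addressed quarantine that stores each attachment once under the hash of its decoded bytes. It assumes SHA-256 for the "SHA hash" and uses Python as a stand-in for the filter; `store_attachments`, `build_sample` and `demo` are hypothetical names, and the messages are constructed samples.

```python
import hashlib
import os
import tempfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def store_attachments(raw_msg, quarantine_dir):
    """Save each attachment once, keyed by the SHA-256 of its decoded bytes.
    Returns a (filename, digest, newly_stored) tuple per attachment."""
    msg = message_from_bytes(raw_msg, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        # The digest is the on-disk name; the sender-supplied filename is
        # only reported, never used as a path.
        path = os.path.join(quarantine_dir, digest)
        try:
            # O_EXCL makes "store only if absent" atomic across filter processes.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            results.append((part.get_filename(), digest, False))
            continue
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        results.append((part.get_filename(), digest, True))
    return results

def build_sample(body, filename, payload):
    """Build a constructed test message carrying one binary attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = "constructed sample"
    m.set_content(body)
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

def demo():
    worm = b"constructed stand-in for an identical mass-mailer payload"
    with tempfile.TemporaryDirectory() as qdir:
        first = store_attachments(build_sample("hi", "a.pif", worm), qdir)
        second = store_attachments(build_sample("re: hello", "b.scr", worm), qdir)
        # An infected file that carries user data hashes differently and is kept.
        infected = store_attachments(
            build_sample("report", "report.doc", worm + b" + user data"), qdir)
        return first, second, infected, sorted(os.listdir(qdir))

if __name__ == "__main__":
    print(demo())
```
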