[Mimedefang] Observations on latest crop of zip viruses
David F. Skoll
dfs at roaringpenguin.com
Wed Mar 3 18:04:22 EST 2004
Hi,

I've discovered that greylisting with certain parameters completely
prevents the latest crop of nasty zip viruses.

I have a number of samples that all sent themselves in bursts of 3 within
a few seconds. Our greylisting parameters include sender address, recipient
address and first 3 octets of sending relay. Crucially, we also specify
a minimum "quiet time" of two minutes between retries.

This has completely stopped the zip viruses on our box.

Tomorrow, I will release MIMEDefang 2.40-BETA-3 which will have
routines to look inside zip files.

Regards,

David.
--
David F. Skoll <dfs at roaringpenguin.com> Roaring Penguin Software Inc.
+1 (613) 231-6599 ext. 100 http://www.roaringpenguin.com/
For CanIt technical support, please mail: support at roaringpenguin.com
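
The greylisting policy described in the message above, as an added example that is not part of the original post and is not MIMEDefang code: a triplet of sender, recipient and first 3 octets of the relay, with a two-minute minimum quiet time. The in-memory store, the choice to measure the quiet time from the first attempt, and all names and sample addresses are assumptions made for illustration.

```python
import ipaddress

MIN_QUIET_SECONDS = 120  # the two-minute "quiet time" from the post


def relay_prefix(relay_ip):
    """First 3 octets of an IPv4 relay address, e.g. 192.0.2.77 -> 192.0.2"""
    addr = ipaddress.IPv4Address(relay_ip)  # raises ValueError on bad input
    return ".".join(str(addr).split(".")[:3])


class Greylist:
    """Hypothetical in-memory greylist; a real one would persist and expire entries."""

    def __init__(self, min_quiet=MIN_QUIET_SECONDS):
        self.min_quiet = min_quiet
        self.first_seen = {}  # triplet -> time of first attempt
        self.passed = set()   # triplets that retried after the quiet time

    def check(self, sender, recipient, relay_ip, now):
        """Return 'ACCEPT' or 'TEMPFAIL' for one delivery attempt at time now."""
        key = (sender, recipient, relay_prefix(relay_ip))
        if key in self.passed:
            return "ACCEPT"
        # Assumption: quiet time is measured from the first attempt seen.
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.min_quiet:
            self.passed.add(key)
            return "ACCEPT"
        # First attempt, or a retry inside the quiet time: defer with a 4xx.
        return "TEMPFAIL"


def replay(attempts, greylist=None):
    """Run (time, sender, recipient, relay) tuples through a greylist."""
    gl = greylist or Greylist()
    return [gl.check(s, r, ip, t) for (t, s, r, ip) in attempts]


# Constructed sample traffic (times in seconds, documentation addresses).
VIRUS_BURST = [  # three sends within a few seconds, no later retry
    (0, "a@example.net", "user@example.org", "198.51.100.7"),
    (2, "a@example.net", "user@example.org", "198.51.100.7"),
    (5, "a@example.net", "user@example.org", "198.51.100.7"),
]
REAL_MTA = [  # queueing MTA retries after five minutes from the same /24
    (0, "b@example.com", "user@example.org", "192.0.2.10"),
    (300, "b@example.com", "user@example.org", "192.0.2.25"),
]

if __name__ == "__main__":
    print("burst:", replay(VIRUS_BURST))
    print("mta:  ", replay(REAL_MTA))
```

Without the quiet time, the second message of the burst would count as a valid retry and be accepted; with it, all three attempts are deferred while a queueing MTA still gets through on its later retry.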