[Mimedefang] Observations on latest crop of zip viruses
WBrown at e1b.org
Wed Mar 3 18:24:53 EST 2004
mimedefang-bounces at lists.roaringpenguin.com wrote on 03/03/2004 06:04:22 PM:
> I've discovered that greylisting with certain parameters completely
> prevents the latest crop of nasty zip viruses.
>
> I have a number of samples that all sent themselves in bursts of 3 within
> a few seconds. Our greylisting parameters include sender address, recipient
> address and first 3 octets of sending relay. Crucially, we also specify
> a minimum "quiet time" of two minutes between retries.
>
> This has completely stopped the zip viruses on our box.
>
> Tomorrow, I will release MIMEDefang 2.40-BETA-3 which will have
> routines to look inside zip files.
>
No wonder I wasn't seeing it being detected by the antivirus on my CanIT
Pro boxes! I use the sender/recipient/IP triplet setting with a 4
minute delay.
BTW, what other commercial spam filters use greylisting now? Any?
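
The greylisting decision discussed in this thread, as an added example that is not part of the original posts and is not MIMEDefang or CanIT code: a toy in-memory greylist keyed on sender, recipient and the relay's first 3 octets, with a minimum quiet time. The class and function names, the sample traffic, the IPv4-only keying and measuring the quiet time from the first attempt are assumptions.

```python
import ipaddress

QUIET_TIME = 120  # seconds: the two-minute minimum quoted in the thread


class Greylist:
    """Toy greylist keyed on (sender, recipient, relay /24). IPv4 only."""

    def __init__(self, quiet_time=QUIET_TIME):
        self.quiet_time = quiet_time
        self.first_seen = {}  # triplet -> time of first attempt
        self.passed = set()   # triplets that retried after the quiet time

    @staticmethod
    def triplet(sender, recipient, relay_ip):
        # "First 3 octets of sending relay": collapse the address to its /24.
        net = ipaddress.ip_network(f"{relay_ip}/24", strict=False)
        return (sender.lower(), recipient.lower(), str(net.network_address))

    def check(self, sender, recipient, relay_ip, now):
        """Return 'accept' or 'tempfail' for one attempt at time `now`."""
        key = self.triplet(sender, recipient, relay_ip)
        if key in self.passed:
            return "accept"
        first = self.first_seen.setdefault(key, now)
        # Assumption: the quiet time is measured from the first attempt.
        if now - first >= self.quiet_time:
            self.passed.add(key)
            return "accept"
        return "tempfail"


def replay(attempts, quiet_time=QUIET_TIME):
    """Run (time, sender, recipient, relay_ip) attempts through a new greylist."""
    gl = Greylist(quiet_time)
    return [gl.check(s, r, ip, t) for (t, s, r, ip) in attempts]


# Constructed sample traffic: times in seconds, documentation addresses.
# A burst of 3 within a few seconds, as described in the quoted message.
BURST = [(t, "a@example.org", "u@example.com", "192.0.2.10") for t in (0, 2, 4)]
# A queueing MTA that retries after 5 minutes from a sibling host in the same /24.
RETRYING_MTA = [(0, "b@example.net", "u@example.com", "198.51.100.7"),
                (300, "b@example.net", "u@example.com", "198.51.100.9")]

if __name__ == "__main__":
    print("burst:       ", replay(BURST))
    print("retrying MTA:", replay(RETRYING_MTA))
    print("4-min delay: ", replay(RETRYING_MTA, quiet_time=240))
```

Keying on the /24 rather than the full address lets a retry from a different host in the same outbound pool match the original attempt; a full-IP triplet would treat it as a new sender.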