[Mimedefang] Observations on latest crop of zip viruses

WBrown at e1b.org WBrown at e1b.org
Wed Mar 3 18:24:53 EST 2004


mimedefang-bounces at lists.roaringpenguin.com wrote on 03/03/2004 06:04:22 PM:
> I've discovered that greylisting with certain parameters completely
> prevents the latest crop of nasty zip viruses.
> 
> I have a number of samples that all sent themselves in bursts of 3 within
> a few seconds.  Our greylisting parameters include sender address, recipient
> address and first 3 octets of sending relay.  Crucially, we also specify
> a minimum "quiet time" of two minutes between retries.
> 
> This has completely stopped the zip viruses on our box.
> 
> Tomorrow, I will release MIMEDefang 2.40-BETA-3 which will have
> routines to look inside zip files.
> 

No wonder I wasn't seeing it being detected by the antivirus on my CanIT
Pro boxes!  I use the sender/recipient/IP triplet setting with a 4
minute delay.

BTW, what other commercial spam filters use greylisting now?  Any? 
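
The greylisting decision described in the quoted message, as an added example that is not part of the original post and is not MIMEDefang or CanIT code. It assumes IPv4 relays, an in-memory table and constructed sample addresses; the names `Greylist`, `check` and `simulate` are hypothetical.

```python
import ipaddress

QUIET_TIME = 120  # seconds: the two-minute minimum from the quoted message


class Greylist:
    """Minimal greylist keyed on (sender, recipient, relay /24)."""

    def __init__(self, quiet_time=QUIET_TIME):
        self.quiet_time = quiet_time
        self.first_seen = {}  # triplet -> time of the first attempt

    @staticmethod
    def key(sender, recipient, relay_ip):
        # Keep only the first 3 octets of the relay so that a retry from a
        # neighbouring host in the same /24 matches the same triplet.
        net = ipaddress.ip_network(f"{relay_ip}/24", strict=False)
        return (sender.lower(), recipient.lower(), str(net.network_address))

    def check(self, sender, recipient, relay_ip, now):
        """Return 'tempfail' or 'accept' for one delivery attempt."""
        k = self.key(sender, recipient, relay_ip)
        if k not in self.first_seen:
            self.first_seen[k] = now
            return "tempfail"  # first sighting is always deferred
        if now - self.first_seen[k] >= self.quiet_time:
            return "accept"    # retried after the quiet time elapsed
        return "tempfail"      # retry arrived inside the quiet time


def simulate(attempts, quiet_time=QUIET_TIME):
    """Run (sender, recipient, relay_ip, time) attempts through a new list."""
    gl = Greylist(quiet_time)
    return [gl.check(s, r, ip, t) for (s, r, ip, t) in attempts]


# Constructed samples: a burst of 3 within a few seconds, and an ordinary
# MTA that retries after five minutes from another host in the same /24.
VIRUS_BURST = [("a@example.org", "user@example.com", "192.0.2.10", t)
               for t in (0, 2, 4)]
MTA_RETRY = [("b@example.net", "user@example.com", "198.51.100.7", 0),
             ("b@example.net", "user@example.com", "198.51.100.23", 300)]

if __name__ == "__main__":
    print("burst, 120 s quiet time:", simulate(VIRUS_BURST))
    print("burst, no quiet time:   ", simulate(VIRUS_BURST, quiet_time=0))
    print("normal MTA retry:       ", simulate(MTA_RETRY))
```

With the quiet time set to zero the second and third messages of the burst are accepted, which is why the minimum delay between retries matters for this traffic pattern.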


