[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications

Matthew.van.Eerde at hbinc.com Matthew.van.Eerde at hbinc.com
Thu Jun 30 14:22:57 EDT 2005


mimedefang-bounces at lists.roaringpenguin.com wrote:
> On Thu, 2005-06-30 at 12:26, Matthew.van.Eerde at hbinc.com wrote:
> 
>> 2. Imagine a USPS mail counter.  Someone walks up to the counter
>> with a 5lb package that has wires sticking out of it, smells of
>> gasoline, and is ticking.  The package has plenty of postage and the
>> return address is the White House.  (This USPS mail counter is not
>> in the same ZIP code as the White House.)    
>> 
>> What is the mail clerk to do?
> 
> To put this in MimeDefang terms, assume this started as a
> normal-looking package which has already been accepted and is now
> being put through a security scan near its destination when the
> real nature is revealed.  What do you tell the delivery agent who
> will only respond to your command?

1. Blow the package up.
2. Send the White House a form letter saying:

Subject: PACKAGE|EMAIL YOU SENT WAS DESTROYED
Due to USPS|domain.name policy, we were forced to destroy a package|email because it contained a bomb|virus (virus name)

It was labeled as follows:

From: <from address>
To: <to address>
Date: <date>
Subject: <subject>

3. See what you can do to catch these things earlier (add a better virus-scanner on the gateway)

-- 
Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"



