[Mimedefang] ClamAV's Worm/Trojan/Joke/W97M classifications
WBrown at e1b.org
Thu Jun 30 11:27:45 EDT 2005
mimedefang-bounces at lists.roaringpenguin.com wrote on 06/30/2005 10:19:29 AM:
> I would say that virus software running on the mail gateway (clam av,
> mcafee, etc.) are far more accurate than desktop AV software. This is not
> because the AV software is better for mail gateways, but it is *easier* to
> detect a virus in an email than it is to accurately identify and detect a
> virus on someone's hard disk due to all the poorly written programs,
> documents, archives, and executables that people download and/or store on
> their PC disks (which in most cases violates their own corporate computer
> usage policies). So it all boils down to complexity. AV scanners on the
> mail gateway most certainly have an easier job scanning and detecting a
> virus, where desktop AV scanners have to take much more into consideration,
> so the room for error is much greater with desktop AV software.
> Unfortunately, a large number of valid and legitimate MX hosts do not run AV
> scanners on their gateways, so we can't rely on others to stop illegitimate
> mail from propagating to other servers, including our own. The burden falls
> on our shoulders, so we (as Admins) have to take appropriate measures to
> stop the problem in its tracks.
Huh? program.exe is the same file, whether it is stored on a local drive,
or extracted from an email. And if the same definition says it is a
virus, I don't see why it would matter where it was.

And anyone that runs a mail server not protected by AV is just hanging out
a big old "KICK ME!" sign. It doesn't matter whether it is an MX or a relay
for internal users. The only mail servers that can get away without
running AV are those that only accept connections from servers that *ARE*
running AV and do not accept any connections from end-user devices.