Date: Wed, 5 Dec 2001 23:40:32 -0600 From: Christopher Farley <chris@northernbrewer.com> To: KD Computers - Adam <adam@kdcomputers.com> Cc: freebsd-questions@freebsd.org Subject: Re: McAfee VirusScan for FreeBSD Message-ID: <20011205234029.A17156@northernbrewer.com> In-Reply-To: <GDELKMOLJCHICOIJNDJGGEELCAAA.adam@kdcomputers.com>; from adam@kdcomputers.com on Wed, Dec 05, 2001 at 11:09:19PM -0600 References: <007a01c17e14$71a99770$0a00000a@atkielski.com> <GDELKMOLJCHICOIJNDJGGEELCAAA.adam@kdcomputers.com>
next in thread | previous in thread | raw e-mail | index | archive | help
KD Computers - Adam (adam@kdcomputers.com) wrote: > Uhhh... Windows clients? :) > > Majority of our clients are using windows based machines, all of which use > outlook, and most of the users arn't smart enough to figure out what to and > what not to open. I'm not sure how thorough you need to be, or how much work you want to put into the problem, but Postfix (and probably all other MTAs) can do regular expression searches on the envelope and bodies, and reject mail based upon fairly customized criteria. For example, the following body_check rule rejects mail that contains a well-known signature for the Sircam worm: /^Hi! How are you=3F$/ REJECT /^Hola como estas =3F$/ REJECT If you use a system like this, you're undoubtedly going to spend a lot more time researching Outlook security problems, tweaking the rules, analyzing mail logs for false positives, etc. (Gone are the days when viruses could be identified by subject line alone!) And if something nasty slips through, there's nobody to blame but yourself. On the other hand, you can pretty easily reject 90% of the problematic mail without resorting to a proprietary product. -- Christopher Farley www.northernbrewer.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011205234029.A17156>