better techniques to identify and remove zero-day viruses from cyrus store sought

2007-08-21 Thread John Crawford
Hello. What's the best way, and second best way to react to zero-day virus threats - messages that are delivered to the mail store before the detection is in place? Is there a best practice that functions nicely within the cyrus community? Like a perl script that traverses the mail store (via ima

Re: better techniques to identify and remove zero-day viruses from cyrus store sought

2007-08-21 Thread Joseph Brennan
John Crawford <[EMAIL PROTECTED]> wrote:
> What's the best way, and second best way to react to zero-day virus
> threats - messages that are delivered to the mail store before the
> detection is in place?
Refuse mail with executable attachments. List is at: http://support.microsoft.com/kb/262

Re: better techniques to identify and remove zero-day viruses from cyrus store sought

2007-08-21 Thread Jorey Bump
John Crawford wrote:
> What's the best way, and second best way to react to zero-day virus
> threats - messages that are delivered to the mail store before the
> detection is in place?
Any detection that can take place in the mail store can (and should) be moved up the chain, preferably to the

Re: better techniques to identify and remove zero-day viruses from cyrus store sought

2007-08-22 Thread John Crawford
Jorey Bump wrote, On 8/21/2007 2:28 PM:
> John Crawford wrote:
>
>> What's the best way, and second best way to react to zero-day virus
>> threats - messages that are delivered to the mail store before the
>> detection is in place?
>
> Any detection that can take place in the mail store can (and

Re: better techniques to identify and remove zero-day viruses from cyrus store sought

2007-08-22 Thread Jorey Bump
John Crawford wrote:
> Sieve is during delivery to the cyrus store though.
> As we have the capability to identify hazards to our
> users, I'd like to be able to exercise central
> strategies improve their quality of life. So I seek
> tools to leverage after detection to aid with
> removal or reme

Re: better techniques to identify and remove zero-day viruses from cyrus store sought

2007-08-22 Thread Jorey Bump
Jorey Bump wrote:
> Have you found that the risks justify this effort? Are your ClamAV scans
> of the mailstore turning up anything? Are they serious threats?
I've just scanned a mailstore with ClamAV, and about 95% of the 'FOUND' infected files were false positives. Here there be dragons.

Re: better techniques to identify and remove zero-day viruses from cyrus store sought

2007-08-23 Thread John Crawford
Jorey Bump wrote, On 8/22/2007 8:23 AM:
> John Crawford wrote:
>
>> Sieve is during delivery to the cyrus store though.
>> As we have the capability to identify hazards to our
>> users, I'd like to be able to exercise central
>> strategies improve their quality of life. So I seek
>> tools to lever