Hello Bill,
Monday, August 25, 2003 you wrote:
BH> F-Prot doesn't need to have the attachments decoded to detect a virus.
I agree but with some reservation.
F-prot actually breaks the message into the mime segments and
scans them. So there is little need for a separate mime process
if using f-prot.
However, f-prot fails to report certain types of files and
encoding - at least for me - and apparently because the virus in
that kind of file is not actually threatening. This was a huge
problem on the recent blaster worm outbreak.
Now f-prot desktop did protect users from the worm if the file
were attempted to be opened by an application. But the worm
slipped through e-mail for a couple of days.
You can test a good many types of encoding and file types using
the tool at http://www.declude.com/tools/mailsend.html - At least
some of these will not trigger f-prot but I've forgotten the
details.
Even with this reservation f-prot is definitely an excellent tool
for the money.
The solution is not as simple as just parsing the mime segments
but also in decoding the mime segments.
And that also does not take in account the significant number of
virus vulnerabilities that should be checked as well.
Terry Fritts
Smart Business Solutions, Inc.
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
