Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • not knowing a whole lot about mailserver configuration, I'd be very interested in knowing specifically what changes you had to make to the system in order to detect-and-absorb the mydoom stuff without also getting false-positives in the process. I mean, even spamassassin misses a few, or is overzealous on rare occasions.

    And, if you've managed a 100% solution, a config file diff might also go a long way towards helping other admins (who also are not mailserver gurus :) do the same and thus further reduce th
    • by Elian (119) on 2004.02.06 11:37 (#28135) Homepage Journal
      Dunno about perl.org specifically, but ClamAV [clamav.net] seems to detect MyDoom and its variants. It's what I'm running on my linux-based mailserver as the virus scanner and while there's a bit of lag with new viruses (like any other system, as you need to wait for the signatures to be updated) it's as reliable as anything else I've found. And free, which is nice.
      • Actually, in the case of MyDoom, ClamAV had signatures several hours before ANY of the commercial AV vendors. We've been blocking up to a peak of just over 5000 copies per hour on our mail servers using ClamAV. It's awesome.