[Spambayes] SpamBayes proxy, Outlook Express & anti-virus

Kenny Pitt kennypitt at hotmail.com
Thu Mar 4 12:12:08 EST 2004


SpamBayes does not extract or "assemble" any attachments inside mail
messages. However, most virus scanners detect virus attachments as the
message data is read over the network, i.e. the virus scanner also
understands the format of the message and can detect the virus while it
is still inside the message before it has a chance to do any harm.
McAfee is probably doing this, and may be reporting the location of the
virus exe as the working directory of the process that read the network
data.
 
The SpamBayes proxy also writes a copy of the raw data for each message
(again, without extracting any attachments) to a cache directory as it
is received. This data might also trigger your virus scanner, but it is
less likely because in this case the virus scanner does not know that
the file data is an e-mail message and so it doesn't decode the
contents. If it did detect this, the location would probably show up
under your "Documents and Settings" folder instead of the SpamBayes
installation folder.
 
-- 
Kenny Pitt
 


  _____  

From: spambayes-bounces at python.org [mailto:spambayes-bounces at python.org]
On Behalf Of Katz, Amir
Sent: Sunday, February 29, 2004 7:07 AM
To: Spambayes mailing list (E-mail)
Subject: [Spambayes] SpamBayes proxy, Outlook Express & anti-virus


I'm running SB at home with OE and McAfee VirusScan. Every so often the
AV pops up and reports that a virus was found in file <xyz>.exe which is
located in what seems to be SB's working directory.
 
My assumption is that SB assembles the mail's attachments prior to
examining the full message and as soon as an attachment (which is an
exe file) is created, the AV kicks in and correctly shoots it.
 
Questions:
1) Is this scenario correct? If no, what really happens?
2) If yes, is there a way to tell SB not to assemble attachments and
avoid the remote chance that the exe will remain there?
 
Thanks,
 
Amir Katz, CISSP 



"The C Programming Language - A language which combines the flexibility
of assembly language with the power of assembly language."
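
The distinction drawn in the reply above, as an added example that is not part of the original thread or of SpamBayes itself: a raw cached message holds an attachment only in its encoded form, and a MIME-aware reader can identify it in memory without ever writing the attachment to disk. The message, addresses and attachment bytes are constructed for illustration, and the function names are hypothetical.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for an executable attachment: the two-byte "MZ" DOS
# header followed by filler. It is not a real program.
FAKE_EXE = b"MZ" + b"\x90\x00\x03\x00" + b"\x00" * 58


def build_sample_message() -> bytes:
    """Return the raw bytes of a constructed message with one .exe attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(FAKE_EXE, maintype="application",
                       subtype="octet-stream", filename="xyz.exe")
    return msg.as_bytes()


def inspect_raw_message(raw: bytes) -> list:
    """Decode attachments in memory only and describe each one."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        findings.append({
            "filename": part.get_filename(),
            "content_type": part.get_content_type(),
            "size": len(payload),
            "sha256": hashlib.sha256(payload).hexdigest(),
            "looks_like_pe": payload[:2] == b"MZ",
        })
    return findings


if __name__ == "__main__":
    raw = build_sample_message()
    # The raw cached form carries the attachment base64-encoded, so the
    # decoded bytes do not appear in it.
    print("decoded bytes present in raw file:", FAKE_EXE in raw)
    for f in inspect_raw_message(raw):
        print(f)
```

A scanner that treats the cached file as opaque data sees only the base64 text, while one that parses the message format sees the decoded header bytes, which matches the behaviour described in the reply.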

 
