[Spambayes] SpamBayes proxy, Outlook Express & anti-virus

Katz, Amir Amir_Katz at bmc.com
Thu Mar 4 12:29:54 EST 2004


Thanks for the detailed explanation. FWIW, SB and the AV together are
shooting down all threats and annoyances. 

-----Original Message-----
From: Kenny Pitt [mailto:kennypitt at hotmail.com]
Sent: Thursday, March 04, 2004 19:12
To: 'Katz, Amir'; 'Spambayes mailing list (E-mail)'
Subject: RE: [Spambayes] SpamBayes proxy, Outlook Express & anti-virus


SpamBayes does not extract or "assemble" any attachments inside mail
messages. However, most virus scanners detect virus attachments as the
message data is read over the network, i.e. the virus scanner also
understands the format of the message and can detect the virus while it is
still inside the message before it has a chance to do any harm. McAfee is
probably doing this, and may be reporting the location of the virus exe as
the working directory of the process that read the network data.
 
The SpamBayes proxy also writes a copy of the raw data for each message
(again, without extracting any attachments) to a cache directory as it is
received. This data might also trigger your virus scanner, but it is less
likely because in this case the virus scanner does not know that the file
data is an e-mail message and so it doesn't decode the contents. If it did
detect this, the location would probably show up under your "Documents and
Settings" folder instead of the SpamBayes installation folder.
 
-- 
Kenny Pitt
 


  _____  

From: spambayes-bounces at python.org [mailto:spambayes-bounces at python.org] On
Behalf Of Katz, Amir
Sent: Sunday, February 29, 2004 7:07 AM
To: Spambayes mailing list (E-mail)
Subject: [Spambayes] SpamBayes proxy, Outlook Express & anti-virus


I'm running SB at home with OE and McAfee VirusScan. Every so often the AV
pops up and reports that a virus was found in file <xyz>.exe which is
located in what seems to be SB's working directory.
 
My assumption is that SB assembles the mail's attachments prior to examining
the full message and as soon as an attachment (which is an .exe file) is
created, the AV kicks in and correctly shoots it.
 
Questions:
1) Is this scenario correct? If no, what really happens?
2) If yes, is there a way to tell SB not to assemble attachments and avoid
the remote chance that the exe will remain there?
 
Thanks,
 
Amir Katz, CISSP 



"The C Programming Language - A language which combines the flexibility of
assembly language with the power of assembly language."
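
Added example, not part of the original messages and not SpamBayes or McAfee code: a small Python sketch of the difference described in the reply above, where a flat signature match over the raw cached message misses a base64-encoded attachment that a MIME-aware scan finds. The signature string, addresses, file name and function names are all constructed for illustration.

```python
import base64
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a scanner signature; not a real malware pattern.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"


def build_sample_message() -> bytes:
    """Build a constructed message carrying a fake .exe attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    payload = b"MZ" + b"\x00" * 64 + SIGNATURE + b"\x00" * 64
    # Binary attachments are base64-encoded on the wire and in a raw cache file.
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="xyz.exe")
    return msg.as_bytes()


def scan_raw(data: bytes) -> bool:
    """Flat-file scan: match the signature against the bytes as stored."""
    return SIGNATURE in data


def scan_mime(data: bytes) -> list:
    """Mail-aware scan: decode each MIME part, then match the signature."""
    hits = []
    msg = message_from_bytes(data, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""  # undoes base64/QP
        if SIGNATURE in body:
            hits.append(part.get_filename() or part.get_content_type())
    return hits


if __name__ == "__main__":
    raw = build_sample_message()  # what a proxy's raw cache file would hold
    print("raw scan hit:", scan_raw(raw))
    print("MIME-aware hits:", scan_mime(raw))
```

The attachment never exists as a separate file here; the MIME-aware scan reports it by the file name declared in the message headers.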

 
