Proposed EIMS Virus UberFilter

PROBLEM: The EIMS filter capability requires EIMS administrators to create a filter for each new virus, such as the filters I created for the ILOVEYOU virus; many EIMS administrators only have the ability to modify an existing filter using ResEdit to parse the subject field.

SOLUTION: Create a monolithic antivirus filter (uberfilter) that connects to an online database and updates a local EIMS server to protect it against viruses that are identifiable by their subject, attachment, or other x-header.

CHALLENGES: Although EIMS is extensible, it will require effort on the part of Eudora and the EIMS mailing list community to create such a filter; effective maintenance of the database will be essential to the success of the project; EIMS needs to be restarted when a new filter is placed in the Filters folder.

FEATURES: An EIMS uberfilter might have some of the following features:

  • Select more than one database (primary and secondary?)
  • Select the time interval between updates from the database
  • Be able to override a virus definition using an ASCII text file (e.g., "RBL exclusions" file)
  • Have a companion mailing list that notifies EIMS administrators of new virus definitions
  • Enable EIMS administrators to submit and comment on new virus definitions via a Web form
  • Enable filtering on any x-header (e.g., subject and/or attachment)

The interval at which new virus definitions may be checked was inspired when I was revising my Mac OS 9 Book and realized that Apple incorporates this type of feature in at least three places (Software Update control panel, Sherlock 2, and the Time & Date control panel). I especially like the ability of the Time & Date control panel to sync the clock only when there is a difference between the time server and the local clock, and thought a virus filter might be able to do the same thing when looking for new virus definitions.
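
A sketch in Python of the header matching, exclusions override and update-only-on-difference check described above. It is an added example, not part of the original proposal and not EIMS code: the `name|header|regex` definition format, the rule names and the function names are assumptions, and the sample message is constructed.

```python
import hashlib
import re
from email import message_from_string

# Constructed sample data. The "name|header|regex" rule format and the
# demo-mailer rule are assumptions made for this example.
DEFINITIONS = """\
ILOVEYOU-subject|Subject|^ILOVEYOU$
ILOVEYOU-attachment|attachment|^LOVE-LETTER-FOR-YOU\\.TXT\\.vbs$
demo-mailer|X-Mailer|^ExampleWormMailer
"""
SAMPLE = "\n".join([
    "From: sender@example.com", "Subject: ILOVEYOU",
    'Content-Type: multipart/mixed; boundary="b"', "",
    "--b", "Content-Type: text/plain", "", "see attachment",
    "--b", "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"',
    "", "x", "--b--", ""])

def digest(text):
    """Fingerprint of a definition set, used to detect a changed database."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def needs_update(local_text, remote_digest):
    """Fetch new definitions only when the remote copy differs from ours."""
    return digest(local_text) != remote_digest

def load_rules(definitions, exclusions=""):
    """Parse rules, dropping any whose name is listed in the exclusions text."""
    skip = {l.strip() for l in exclusions.splitlines()
            if l.strip() and not l.startswith("#")}
    rules = []
    for line in definitions.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, header, pattern = line.split("|", 2)
        if name not in skip:
            rules.append((name, header.lower(), re.compile(pattern, re.I)))
    return rules

def scan(raw_message, rules):
    """Return the names of rules matching a header or attachment filename."""
    msg = message_from_string(raw_message)
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    def values(header):
        return names if header == "attachment" else msg.get_all(header, [])
    return [n for n, h, rx in rules
            if any(rx.search(str(v)) for v in values(h))]
```

The digest comparison only detects that the database changed; it does not authenticate it, so a real filter would also need to verify the source of the definitions before compiling their patterns.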

RESOURCES: Check out these resources for more information about EIMS:

EIMS Home Page
EIMS Tech Support
Glenn Anderson
EIMS Mailing List
Christian Mønsted (filters, filters, filters!)

Last updated by Mark R. Bell.