Selectively quarantining on virus name
Spicer, Kevin
Kevin.Spicer at BMRB.CO.UK
Thu Aug 21 16:03:43 IST 2003
mikea wrote:
> Considering the evolutionary path we see worms/viruses following,
> would it make sense to retain the current "Silent Viruses" list
> for the time being, but add a "Notify About Viruses" list which
> listed the ones for which infection notices should be sent, with
> an eye to eventually removing "Silent Viruses" processing?
I'd second that, particularly if the "Notify About Viruses" could use regex matching. This would be useful since most of the vendors seem to encode some kind of description of the virus type in its name. For example Sophos names Word 97 Macro viruses as WM97/virusname. This way we could choose to send notifications for macro viruses (which tend to appear in documents sent by users) but ignore other types of virus.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
More information about the MailScanner
mailing list