Selectively quarantining on virus name
Julian Field
mailscanner at ecs.soton.ac.uk
Thu Aug 21 16:55:55 IST 2003
At 16:03 21/08/2003, you wrote:
>mikea wrote:
>
> > Considering the evolutionary path we see worms/viruses following,
> > would it make sense to retain the current "Silent Viruses" list
> > for the time being, but add a "Notify About Viruses" list which
> > listed the ones for which infection notices should be sent, with
> > an eye to eventually removing "Silent Viruses" processing?
>
>I'd second that, particularly if the "Notify About Viruses" could use
>regex matching. This would be useful since most of the vendors seem to
>encode some kind of description of the virus type in its name. For
>example Sophos names Word 97 Macro viruses as WM97/virusname. This way we
>could choose to send notifications for macro viruses (which tend to appear
>in documents sent by users) but ignore other types of virus.
I could do that. The simpler thing to do is change the default setting in
new installations to *not* send sender warnings at all ("Warn Senders = no").
Thoughts?
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list