Selectively quarantining on virus name
mikea
mikea at MIKEA.ATH.CX
Thu Aug 21 17:59:38 IST 2003
On Thu, Aug 21, 2003 at 04:55:55PM +0100, Julian Field wrote:
> At 16:03 21/08/2003, you wrote:
> >mikea wrote:
> >
> > > Considering the evolutionary path we see worms/viruses following,
> > > would it make sense to retain the current "Silent Viruses" list
> > > for the time being, but add a "Notify About Viruses" list which
> > > listed the ones for which infection notices should be sent, with
> > > an eye to eventually removing "Silent Viruses" processing?
> >
> >I'd second that, particularly if the "Notify About Viruses" could use
> >regex matching. This would be useful since most of the vendors seem to
> >encode some kind of description of the virus type in its name. For
> >example Sophos names Word 97 Macro viruses as WM97/virusname. This way we
> >could choose to send notifications for macro viruses (which tend to appear
> >in documents sent by users) but ignore other types of virus.
>
> I could do that. The simpler thing to do is change the default setting in
> new installations to *not* send sender warnings at all ("Warn Senders = no").
>
> Thoughts?
I think I'm having a senior moment: I don't find a "Warn Senders"
option anywhere in my MailScanner install: MailScanner-4.21-9 or in
<http://www.sng.ecs.soton.ac.uk/mailscanner/man/MailScanner.conf.e.html>.
Is this newer, am I just looking past it, or did you mean "Send
Notices"?
--
Mike Andrews
mikea at mikea.ath.cx
Tired old sysadmin since 1964
More information about the MailScanner
mailing list