Selectively quarantining on virus name

Jeff Falgout JFalgout at co.jefferson.co.us
Thu Aug 21 18:19:21 IST 2003


>>> mailscanner at ECS.SOTON.AC.UK 8/21/2003 9:55:55 AM >>>
At 16:03 21/08/2003, you wrote:
>mikea wrote:
>
> > Considering the evolutionary path we see worms/viruses following,
> > would it make sense to retain the current "Silent Viruses" list
> > for the time being, but add a "Notify About Viruses" list which
> > listed the ones for which infection notices should be sent, with
> > an eye to eventually removing "Silent Viruses" processing?
>
>I'd second that, particularly if the "Notify About Viruses" could use
>regex matching.  This would be useful since most of the vendors seem to
>encode some kind of description of the virus type in its name.  For
>example Sophos names Word 97 Macro viruses as WM97/virusname.  This way we
>could choose to send notifications for macro viruses (which tend to appear
>in documents sent by users) but ignore other types of virus.

I could do that. The simpler thing to do is change the default setting in
new installations to *not* send sender warnings at all ("Warn Senders = no").

Thoughts?
--


Can it also be expanded to notify senders and recipients if filetypes are
blocked? I have "Warn Senders = no" and the senders of blocked file types
never know their files have been stripped. It would be nice if they were
notified.

Jeff


