Any Ideas on these rules
Shortt, Kevin
KShortt at AZERTY.COM
Fri Sep 5 15:24:31 IST 2003
> header __SOBIG_X X-MailScanner =~ /Found to be clean/
>>Please don't create an SA rule to label emails which have been scanned by
>>MailScanner (in its default configuration) as spam.
>>PLEASE do not post anything like this to the SA mailing list - people will
>>use it without understanding the significance of what they are using.
It's not a default config. It happens to be a characteristic of the virus
that was propogated and as the rule is written only matches such messages.
It is also written with the "__" which does not add hits to the message
by default.
One can not presume the knowledge level (or lack of) when asking a question.
A question is asked and directed at the people that have the knowledge.
If someone uses the information incorrectly that is no ones fault but thier
own. I thought that what the internet was about.
Anyway...back to the original post. The rule was working and catching only
SOBIG virii. We've recently noticed it's no longer functioning.
Does anyone have any ideas for us to trouble shoot this?
-k
More information about the MailScanner
mailing list