Quick question about 'All-Viruses' tag

Mike Brudenell pmb1 at YORK.AC.UK
Mon Sep 29 15:40:49 IST 2003

Hi, Anton (et al.)!

Ummm, I'm still not quite there with getting my head around this I'm afraid
(and admit I may be mis-phrasing what I'm trying to ask)...


I'm under the impression that:

    Silent Viruses = Klez Yaha ...
    Still Deliver Silent Viruses = no

identifies the named viruses as being 'silent' in that

    a)  the sender is not notified, and
    b)  the incoming message is silently dropped (nothing gets delivered
        to the recipient at all)

For the other, 'non-silent' viruses:

    a)  the sender is notified if and only if
            Notify Senders = yes
            Notify Senders Of Viruses = yes

    b)  the incoming message is delivered, either with the attachment
        disinfected where possible (assuming 'Deliver Disinfected Files =
        yes') otherwise cleaned (the infected attachment removed and
        replaced with the VirusWarning text).

Have I got that right so far (laying aside complications with regard to
using rulesets etc)?


Because to my mind using the 'All-Viruses' tag:

    Silent Viruses = Klez Yaha ...
    Still Deliver Silent Viruses = no

means that now ANY and EVERY virus is considered to be 'silent':

    a)  the sender is not notified, and
    b)  the incoming message is silently dropped (nothing gets delivered
        to the recipient at all)

I infer from this that no message with an infected attachment (regardless
of which virus it is) is then ever eligible for disinfecting/cleaning
followed by delivery.

Am I correct in thinking this is how it works out?


Re-pondering over things I _think_ this is what I'm trying to achieve:

    1.  Senders of virus-infected messages are never notified.

    2.  For certain known viruses don't deliver anything to the
        intended recipient (to avoid their INBOX filling up with these
        useless warnings).

    3.  Virus-infected messages should be disinfected (attachment
        remains) or cleaned (attachment replaced by VirusWarning text)
        then delivered.

Having peered again at the configuration file I _think_ the following will
achieve something along the lines of what I'm after:

1.  Notify Senders = yes
    Notify Senders Of Viruses = no
    Notify Senders Of Blocked Filenames Or Filetypes = yes
    Notify Senders Of Other Blocked Content = yes

2.  Silent Viruses = HTML-IFrame Klez Yaha Sobig ...
    Still Deliver Silent Viruses = no

3.  Deliver Disinfected Files = yes

Comments anyone?
(Even "That's not a sensible approach to adopt!")


However with the sender-forging virus now becoming the de facto standard
perhaps I should just go with

    Silent Viruses = HTML-IFrame All-Viruses

and be done with it.

What are others doing now that this new tag is available?


Mike Brudenell

The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811  FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
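
The rules as this message describes them, modelled in Python as an added example; it is not part of the original message and is not MailScanner's own code. The `outcome` function, the `ExampleWorm` name and whole-word matching of virus names are assumptions made for illustration.

```python
# Added example: models the rules as the post states them; not MailScanner code.
PROPOSED = """
Notify Senders = yes
Notify Senders Of Viruses = no
Silent Viruses = HTML-IFrame Klez Yaha Sobig
Still Deliver Silent Viruses = no
Deliver Disinfected Files = yes
"""  # the post's proposed settings; its elided "..." list tail is left out
ALL_VIRUSES = PROPOSED.replace("Klez Yaha Sobig", "All-Viruses")

def parse_conf(text):
    """Parse 'Key = value' lines into a dict with lower-cased keys."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def enabled(conf, key):
    return conf.get(key.lower(), "no").lower() == "yes"

def outcome(conf, virus, disinfectable=False):
    """Return (sender_notified, delivery) for one infected message."""
    tags = conf.get("silent viruses", "").lower().split()
    # Assumption: a name matches as a whole word; All-Viruses matches anything.
    if "all-viruses" in tags or virus.lower() in tags:
        # Silent: sender never notified; the post only covers the 'no' case,
        # where nothing at all reaches the recipient.
        if enabled(conf, "Still Deliver Silent Viruses"):
            return (False, "delivered")
        return (False, "dropped")
    notify = (enabled(conf, "Notify Senders")
              and enabled(conf, "Notify Senders Of Viruses"))
    if disinfectable and enabled(conf, "Deliver Disinfected Files"):
        return (notify, "disinfected")
    return (notify, "cleaned")  # attachment replaced by the VirusWarning text

if __name__ == "__main__":
    for label, text in (("proposed", PROPOSED), ("all-viruses", ALL_VIRUSES)):
        conf = parse_conf(text)
        for virus in ("Klez", "ExampleWorm"):  # ExampleWorm is a constructed name
            print(label, virus, outcome(conf, virus, disinfectable=True))
```

Under the `All-Viruses` variant every infected message comes out as `dropped`, so the `Deliver Disinfected Files` branch is never reached.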