Quick question about 'All-Viruses' tag

Julian Field mailscanner at ecs.soton.ac.uk
Mon Sep 29 17:06:57 IST 2003


At 15:40 29/09/2003, you wrote:
>Hi, Anton (et al.)!
>
>Ummm, I'm still not quite there with getting my head around this I'm afraid
>(and admit I may be mis-phrasing what I'm trying to ask)...
>
>==========
>
>I'm under the impression that:
>
>    Silent Viruses = Klez Yaha ...
>    Still Deliver Silent Viruses = no
>
>identifies the named viruses as being 'silent' in that
>
>    a)  the sender is not notified, and
>    b)  the incoming message is silently dropped (nothing gets delivered
>        to the recipient at all)

unless
Still Deliver Silent Viruses = yes
at which point the recipient will get the cleaned message.


>For the other, 'non-silent' viruses:
>
>    a)  the sender is notified if and only if
>            Notify Senders = yes
>            Notify Senders Of Viruses = yes
>
>    b)  the incoming message is delivered, either with the attachment
>        disinfected where possible (assuming 'Deliver Disinfected Files =
>        yes') otherwise cleaned (the infected attachment removed and
>        replaced with the VirusWarning text).

If
Deliver Cleaned Messages = yes


>Have I got that right so far (laying aside complications with regard to
>using rulesets etc)?
>
>==========
>
>Because to my mind using the 'All-Viruses' tag:
>
>    Silent Viruses = Klez Yaha ...
>    Still Deliver Silent Viruses = no
>
>means that now ANY and EVERY virus is considered to be 'silent':
>specifically:
>
>    a)  the sender is not notified, and
>    b)  the incoming message is silently dropped (nothing gets delivered
>        to the recipient at all)

so long as
Still Deliver Silent Viruses = no
then that is true.


>I infer from this that no message with an infected attachment (regardless
>of which virus it is) is then ever eligible for disinfecting/cleaning
>followed by delivery.
>
>Am I correct in thinking this is how it works out?
>
>==========
>
>Re-pondering over things I _think_ this is what I'm trying to achieve:
>
>    1.  Senders of virus-infected messages are never notified.
>
>    2.  For certain known viruses don't deliver anything to the
>        intended recipient (to avoid their INBOX filling up with these
>        useless warnings).
>
>    3.  Virus-infected messages should be disinfected (attachment
>        remains) or cleaned (attachment replaced by VirusWarning text)
>        then delivered.
>
>Having peered again at the configuration file I _think_ the following will
>achieve something along the lines of what I'm after:
>
>1.  Notify Senders = yes
>    Notify Senders Of Viruses = no
>    Notify Senders Of Blocked Filenames Or Filetypes = yes
>    Notify Senders Of Other Blocked Content = yes
>
>2.  Silent Viruses = HTML-IFrame Klez Yaha Sobig ...
>    Still Deliver Silent Viruses = no
>
>3.  Deliver Disinfected Files = yes
>
>Comments anyone?
>(Even "That's not a sensible approach to adopt!")

That should be okay.


>==========
>
>However with the sender-forging virus now becoming the de facto standard
>perhaps I should just go with
>
>    Silent Viruses = HTML-IFrame All-Viruses
>
>and be done with it.

That's not a bad idea.


>What are others doing now that this new tag is available?
>
>
>Cheers,
>
>Mike Brudenell
>
>--
>The Computing Service, University of York, Heslington, York Yo10 5DD, UK
>Tel:+44-1904-433811  FAX:+44-1904-433740
>
>* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
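
The decision logic discussed in this thread, written out as a small Python model. This is an added example, not MailScanner code and not part of the original message. The keyword matching rule (case-insensitive substring), the sample virus report names, and the "Deliver Cleaned Messages = yes" value in the first configuration are assumptions made for illustration.

```python
# Added illustration: models the behaviour described in this thread only.
from dataclasses import dataclass

@dataclass
class Config:
    silent_viruses: tuple             # "Silent Viruses" keywords
    still_deliver_silent: bool        # "Still Deliver Silent Viruses"
    notify_senders: bool              # "Notify Senders"
    notify_senders_of_viruses: bool   # "Notify Senders Of Viruses"
    deliver_cleaned: bool             # "Deliver Cleaned Messages"

def is_silent(report_name, cfg):
    """True if the reported virus is treated as 'silent' under cfg."""
    # The All-Viruses tag makes any and every virus silent.
    if "All-Viruses" in cfg.silent_viruses:
        return True
    # Assumption: a keyword matches when it appears in the scanner's report name.
    name = report_name.lower()
    return any(k.lower() in name for k in cfg.silent_viruses)

def disposition(report_name, cfg):
    """Return (sender_notified, recipient_gets_cleaned_message)."""
    if is_silent(report_name, cfg):
        # Silent: never notify the sender; deliver only if explicitly allowed.
        return (False, cfg.still_deliver_silent)
    notify = cfg.notify_senders and cfg.notify_senders_of_viruses
    return (notify, cfg.deliver_cleaned)

# Configuration proposed in the quoted message (Deliver Cleaned Messages assumed yes).
NAMED_LIST = Config(("HTML-IFrame", "Klez", "Yaha", "Sobig"),
                    still_deliver_silent=False, notify_senders=True,
                    notify_senders_of_viruses=False, deliver_cleaned=True)

# The All-Viruses alternative; sender notification is left on to show it has no effect.
ALL_VIRUSES = Config(("HTML-IFrame", "All-Viruses"),
                     still_deliver_silent=False, notify_senders=True,
                     notify_senders_of_viruses=True, deliver_cleaned=True)

def compare(report_names):
    """Map each report name to its disposition under both configurations."""
    return {n: (disposition(n, NAMED_LIST), disposition(n, ALL_VIRUSES))
            for n in report_names}

if __name__ == "__main__":
    # Constructed sample report names.
    for name, (named, everything) in compare(["W32/Klez.H", "W32/Bugbear.B"]).items():
        print(f"{name}: named list={named}  All-Viruses={everything}")
```

With the named list, a virus that is not listed still reaches the recipient as a cleaned message; with All-Viruses and "Still Deliver Silent Viruses = no", nothing is delivered for any infected message and the notification settings no longer matter for viruses.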


