Virus Warnings

Jeff Earickson jaearick at COLBY.EDU
Wed Apr 7 17:59:14 IST 2004


Hi,
I implemented this ruleset this morning (I use MS 4.29.7), and quickly
found that it tags and discards the MailScanner notices to the system
administrator too.  These are very important to me, because I use procmail
to trap them so I can do a daily count of viruses (and other things
like forms tags) killed, and where they come from.

Specifically, I had to change the scores (to 0.1) on VIRUS_WARNING15,
VIRUS_WARNING28, VIRUS_WARNING300, and remove the reference to
MailScanner on VIRUS_WARNING62.  I was also offended by the remark
"MailScanner is a real PITA" at rule 250.  Maybe the authors have
wised up since that comment was added.

But, after tweaking, this ruleset is doing the trick for me.

Jeff Earickson
Colby College

On Wed, 7 Apr 2004, Randal, Phil wrote:

> Date: Wed, 7 Apr 2004 17:13:10 +0100
> From: "Randal, Phil" <prandal at HEREFORDSHIRE.GOV.UK>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Virus Warnings
>
> Roger Jochem asked:
>
> > Is there any way I can block some of the hundreds of virus
> > warnings my users receive per day for "sending" virus like netsky?
> >
> > Because netsky and so much other viruses use fake from
> > address, this messages are all false. How could I block some
> > of these with MailScanner?
> >
> > (I'm tired of explaying to every user that he is not infected
> > and is not sending .scr files to some e-mail adress he never
> > saw before...)
> >
> > Regards
> >
> > Roger Jochem
>
> Add http://www.timj.co.uk/linux/bogus-virus-warnings.cf to your
> /etc/mail/spamassassin directory.
>
> It makes them high-scoring spam, so it doesn't get delivered (if you're set
> up that way).
>
> Phil
>
> ----
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>



More information about the MailScanner mailing list