Feature concept... "noisy viruses"?

Randal, Phil prandal at HEREFORDSHIRE.GOV.UK
Fri Feb 20 17:48:56 GMT 2004


If somebody came up with a list of "noisy" viruses and their names according
to ClamAV, McAfee, Sophos, etc, I could imagine quite a few of us using it.

Phil

---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: 20 February 2004 17:47
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Feature concept... "noisy viruses"?
>
>
> At 17:26 20/02/2004, you wrote:
> >Matt Kettler wrote:
> >>However, there are those that continue to use Virus
> notifies and manually
> >>maintain their silent virus list.. This would offer those
> administrators a
> >>"reduced headache" alternative while still reaching their goals of
> >>notifying senders where it's practical.
> >>
> >>I'm mostly proposing it from a concept of "If people are
> going to use it,
> >>at least offer them an option which defaults to the
> most-safe behavior if
> >>they fall behind in maintenance"
> >>
> >>I myself might even consider using the feature on occasion,
> despite my
> >>opposition to general virus notifications. However, I won't
> push strongly
> >>for you to implement it or not.
> >
> >I'd be in favour of this as an alternative to removing the feature
> >altogether, especially if (as now) it matched on substrings.
> You could
> >"whitelist" WM97 for example and then someone would get a wake up if
> >they didn't know they had a macro virus, "Joke" or "Troj" would also
> >show that those types weren't welcome. Specific things like
> Gibe-F can
> >be added if they're high volume and known not to spoof.
>
> So the only extra configuration option would be "Noisy Viruses =".
>
> If a message report matched the "noisy" substring list, then
> the message
> would be delivered and a warning sent to the sender (assuming
> other options
> allow it).
>
> If a message report matched both the "noisy" and "silent"
> substring lists,
> then the "noisy" status would win. Then you could put
> "All-Viruses" in the
> silent list and "WM97" in the noisy list, and the WM97 status
> would cause
> the warnings to be sent, despite the silent list.
>
> Does this sound right to you?
> It looks quite possible to implement.
>
> Do lots of people want this feature? Or is it only going to
> be used by a
> couple of you?
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>



More information about the MailScanner mailing list