Feature concept... "noisy viruses"?

Julian Field mailscanner at ecs.soton.ac.uk
Fri Feb 20 18:06:22 GMT 2004


I think people would use virus types as opposed to virus names. So things
like "WM97" would be put in the list, rather than names of specific viruses.

At 17:48 20/02/2004, you wrote:
>If somebody came up with a list of "noisy" viruses and their names according
>to ClamAV, McAfee, Sophos, etc, I could imagine quite a few of us using it.
>
>Phil
>
>---------------------------------------------
>Phil Randal
>Network Engineer
>Herefordshire Council
>Hereford, UK
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > Behalf Of Julian Field
> > Sent: 20 February 2004 17:47
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Feature concept... "noisy viruses"?
> >
> >
> > At 17:26 20/02/2004, you wrote:
> > >Matt Kettler wrote:
> > >>However, there are those that continue to use Virus notifies and manually
> > >>maintain their silent virus list. This would offer those administrators a
> > >>"reduced headache" alternative while still reaching their goals of
> > >>notifying senders where it's practical.
> > >>
> > >>I'm mostly proposing it from a concept of "If people are going to use it,
> > >>at least offer them an option which defaults to the most-safe behavior if
> > >>they fall behind in maintenance"
> > >>
> > >>I myself might even consider using the feature on occasion, despite my
> > >>opposition to general virus notifications. However, I won't push strongly
> > >>for you to implement it or not.
> > >
> > >I'd be in favour of this as an alternative to removing the feature
> > >altogether, especially if (as now) it matched on substrings. You could
> > >"whitelist" WM97 for example and then someone would get a wake up if
> > >they didn't know they had a macro virus, "Joke" or "Troj" would also
> > >show that those types weren't welcome. Specific things like Gibe-F can
> > >be added if they're high volume and known not to spoof.
> >
> > So the only extra configuration option would be "Noisy Viruses =".
> >
> > If a message report matched the "noisy" substring list, then the message
> > would be delivered and a warning sent to the sender (assuming other options
> > allow it).
> >
> > If a message report matched both the "noisy" and "silent" substring lists,
> > then the "noisy" status would win. Then you could put "All-Viruses" in the
> > silent list and "WM97" in the noisy list, and the WM97 status would cause
> > the warnings to be sent, despite the silent list.
> >
> > Does this sound right to you?
> > It looks quite possible to implement.
> >
> > Do lots of people want this feature? Or is it only going to be used by a
> > couple of you?
> > --
> > Julian Field
> > www.MailScanner.info
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
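
The precedence rule proposed in this message (a "noisy" match overrides a "silent" match, including "All-Viruses"), as an added Python sketch. It is not MailScanner code or part of the original message; the function names, the case-insensitive matching and the sample report lines are assumptions constructed for illustration.

```python
# Added sketch of the precedence rule discussed in this thread; not MailScanner code.
ALL_VIRUSES = "All-Viruses"  # keyword from the thread: matches every virus report


def matches(report, patterns):
    """True if any pattern is a substring of the scanner report line.

    Case-insensitive matching is an assumption of this sketch.
    """
    text = report.lower()
    for pattern in patterns:
        if pattern == ALL_VIRUSES or pattern.lower() in text:
            return True
    return False


def warn_sender(reports, silent, noisy, notify_senders=True):
    """Decide whether the sender of an infected message gets a warning.

    reports        -- report lines from the virus scanners for one message
    silent, noisy  -- substring lists ("Silent Viruses" / proposed "Noisy Viruses")
    notify_senders -- stands in for the "other options" that must also allow it
    """
    if not reports or not notify_senders:
        return False
    if any(matches(r, noisy) for r in reports):
        return True          # noisy wins, even if a silent pattern also matches
    if any(matches(r, silent) for r in reports):
        return False         # silent: sender address is likely spoofed, send nothing
    return True              # on neither list: ordinary notification behaviour


# Constructed sample report lines (virus names and line format are illustrative only).
SILENT = ["All-Viruses"]
NOISY = ["WM97", "Joke", "Troj"]
SAMPLES = {
    "macro": ["Sophos: >>> Virus 'WM97/Example-A' found in file report.doc"],
    "worm": ["ClamAV: attachment.pif contains Worm.Example.B"],
    "clean": [],
}

if __name__ == "__main__":
    for label, reports in SAMPLES.items():
        print(label, warn_sender(reports, SILENT, NOISY))
```

With "All-Viruses" in the silent list, a virus name that nobody has yet added to the noisy list produces no sender warning, which is the "most-safe" default the thread asks for when list maintenance falls behind.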


