Silent Viruses and Mydoom
Matthew K Bowman
mkbowman at neo.rr.com
Wed Jan 28 19:37:00 GMT 2004
Thanks I got the order correct but Mydoom is still getting passed on as a
notification
Infection: W32/Mydoom.A at mm
does Mydoom.A have to exist in the ruleset
----- Original Message -----
From: "Sebastian Wiesinger" <sw at INTERNETX.DE>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Wednesday, January 28, 2004 11:56 AM
Subject: Re: Silent Viruses and Mydoom
> * Matthew K Bowman <mkbowman at neo.rr.com> [2004-01-28 17:52]:
> > Hi,
> >
> > I setup a Ruleset for MyDoom but users are still be notified:
> >
> > Ruleset below:
> >
> > Virus: default yes
> > Virus: Bagle no
> > Virus: MyDoom no
> > Virus: NoVarg no
> > FromOrTo: default yes
> >
> > Is my syntax and wording ok?
>
> First, the ruleset uses the first line matching, so put your first
> line from top to the bottom.
>
> If you're using ClamAV you should add:
>
> Virus: SCO no
>
> before your default line.
>
> Like this:
>
> Virus: Bagle no
> Virus: MyDoom no
> Virus: NoVarg no
> Virus: SCO no
> Virus: default yes
>
> Sebastian
>
More information about the MailScanner
mailing list