Don't Quarantine Viruses
Eric Dantan Rzewnicki
rzewnickie at RFA.ORG
Fri Jan 30 17:20:56 GMT 2004
Thanks Julian,
I've implemented this with "mydoom" and it's saving us a lot of disk
space.
What are the chances of having All-Viruses as in the Silent Viruses
config option available as a special case in this ruleset? Something like:
Virus: All-Viruses no
Virus: default yes
so we could quarantine only filename, filetype and html-tag "virus"
detected mail.
Is this possible? Would it be a good idea?
-Eric Rz.
On Fri, Jan 30, 2004 at 09:26:18AM +0000, Julian Field wrote:
> The test is a simple sub-string, so "mydoom" should match both of your
> examples.
>
> At 22:32 29/01/2004, you wrote:
> >Do these names have to match the name as reported by the virus scanners?
> >or is it case insensitive?
> >
> >i.e., will:
> >
> >Virus: mydoom no
> >
> >prevent mydoom from being quarantined when caught by either sophossavi
> >or uvscan?
> >
> >or do I need to do this? :
> >
> >Virus: W32/MyDoom-A no
> >Virus: W32/Mydoom.a@MM no
> >
> >
> >Thanks,
> >Eric Rz.
> >
> >On Wed, Jan 28, 2004 at 02:55:11PM -0500, Hirsh, Joshua wrote:
> >> > I'd like to be able to not quarantine viruses but still
> >> > quarantine filetype denies.
> >>
> >> Yup, you can distinguish between the two. You can set "Quarantine
> >> Infections" to match against a rule, and in the rules file have something
> >> like this:
> >>
> >> Virus: sobig no
> >> Virus: dumaru no
> >> Virus: mimail no
> >>
> >>
> >> Etc..
> >>
> >>
> >> Cheers,
> >>
> >> -Joshua
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
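
The substring matching discussed in this thread, modelled as an added example (not MailScanner's own code and not written by anyone in the thread). It shows why a single "mydoom" rule covers both scanners' spellings. Assumptions of this sketch: rules are tried in file order, the first match wins, and a report matching no rule is quarantined; the filename report string is constructed.

```python
# Model of a "Virus: <substring> <yes|no>" ruleset as described in the thread.
# Assumptions (not confirmed by the thread): rules are tried in file order,
# the first match wins, and a report that matches no rule is quarantined.

RULES_TEXT = """\
Virus: sobig no
Virus: dumaru no
Virus: mimail no
Virus: mydoom no
"""

def parse_rules(text):
    """Return [(substring, quarantine_bool), ...] from 'Virus: name yes|no' lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split()
        if (len(parts) != 3 or parts[0].lower() != "virus:"
                or parts[2].lower() not in ("yes", "no")):
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        rules.append((parts[1].lower(), parts[2].lower() == "yes"))
    return rules

def should_quarantine(report, rules, default=True):
    """Case-insensitive substring test of each rule against a scanner report."""
    haystack = report.lower()
    for needle, decision in rules:
        if needle in haystack:
            return decision
    return default

def audit(reports, rules):
    """Map each scanner report to its quarantine decision."""
    return {r: should_quarantine(r, rules) for r in reports}

# Constructed sample reports: the two scanner spellings quoted in the thread,
# one more virus name, and an invented filename finding.
SAMPLE_REPORTS = [
    "W32/MyDoom-A",
    "W32/Mydoom.a@MM",
    "W32/Sobig-F",
    "Executable attachment invoice.pif",
]

if __name__ == "__main__":
    for report, keep in audit(SAMPLE_REPORTS, parse_rules(RULES_TEXT)).items():
        print(f"{'quarantine' if keep else 'skip      '}  {report}")
```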