Don't Quarantine Viruses

[Sveinn G. Gunnarsson]

How about a rule that makes use of the MassMail flag that most virus engines
output (@mm)

Would a rule like this make the trick?

Virus:  \@mm            yes
Virus:  default no


Cheers,
Svenni...


> I've implemented this with "mydoom" and it's saving us a lot of disk
> space.
>
> What are the chances of having All-Viruses as in the Silent Viruses
> config option available as a special case in this ruleset? Something like:
>
> Virus:     All-Viruses     no
> Virus:     default         yes
>
> so we could quarantine only filename, filetype and html-tag "virus"
> detected mail.
>
> Is this possible? Would it be a good idea?
>
> -Eric Rz.
>
> On Fri, Jan 30, 2004 at 09:26:18AM +0000, Julian Field wrote:
> > The test is a simple sub-string, so "mydoom" should match both of your
> > examples.
> >
> > At 22:32 29/01/2004, you wrote:
> > >Do these names have to match the name as reported by the virus
> scanners?
> > >or is it case insensitive?
> > >
> > >i.e., will:
> > >
> > >Virus:   mydoom    no
> > >
> > >prevent mydoom from being quarantined when caught by either sophossavi
> > >or uvscan?
> > >
> > >or do I need to do this? :
> > >
> > >Virus:   W32/MyDoom-A      no
> > >Virus:   W32/Mydoom.a at MM   no
> > >
> > >
> > >Thanks,
> > >Eric Rz.
> > >
> > >On Wed, Jan 28, 2004 at 02:55:11PM -0500, Hirsh, Joshua wrote:
> > >> > I'd like to be able to not quarantine viruses but still
> > >> > quarantine filetype denies.
> > >>
> > >> Yup, you can distinguish between the two. You can set "Quarantine
> > >> Infections" to match against a rule, and in the rules file have
> something
> > >> like this:
> > >>
> > >> Virus:  sobig           no
> > >> Virus:  dumaru  no
> > >> Virus:  mimail  no
> > >>
> > >>
> > >> Etc..
> > >>
> > >>
> > >>  Cheers,
> > >>
> > >> -Joshua
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654