Don't Quarantine Viruses

Julian Field mailscanner at ecs.soton.ac.uk
Sat Jan 31 14:18:39 GMT 2004 

At 17:20 30/01/2004, you wrote:
>Thanks Julian,
>
>I've implemented this with "mydoom" and it's saving us a lot of disk
>space.
>
>What are the chances of having All-Viruses as in the Silent Viruses
>config option available as a special case in this ruleset? Something like:
>
>Virus:     All-Viruses     no
>Virus:     default         yes
>
>so we could quarantine only filename, filetype and html-tag "virus"
>detected mail.
>
>Is this possible? Would it be a good idea?

Not sure if it will work, but try
Virus:  /./     no
Virus:  default yes


>-Eric Rz.
>
>On Fri, Jan 30, 2004 at 09:26:18AM +0000, Julian Field wrote:
> > The test is a simple sub-string, so "mydoom" should match both of your
> > examples.
> >
> > At 22:32 29/01/2004, you wrote:
> > >Do these names have to match the name as reported by the virus scanners?
> > >or is it case insensitive?
> > >
> > >i.e., will:
> > >
> > >Virus:   mydoom    no
> > >
> > >prevent mydoom from being quarantined when caught by either sophossavi
> > >or uvscan?
> > >
> > >or do I need to do this? :
> > >
> > >Virus:   W32/MyDoom-A      no
> > >Virus:   W32/Mydoom.a at MM   no
> > >
> > >
> > >Thanks,
> > >Eric Rz.
> > >
> > >On Wed, Jan 28, 2004 at 02:55:11PM -0500, Hirsh, Joshua wrote:
> > >> > I'd like to be able to not quarantine viruses but still
> > >> > quarantine filetype denies.
> > >>
> > >> Yup, you can distinguish between the two. You can set "Quarantine
> > >> Infections" to match against a rule, and in the rules file have
> something
> > >> like this:
> > >>
> > >> Virus:  sobig           no
> > >> Virus:  dumaru  no
> > >> Virus:  mimail  no
> > >>
> > >>
> > >> Etc..
> > >>
> > >>
> > >>  Cheers,
> > >>
> > >> -Joshua
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list