cleaned messages vs. desinfected files
Julian Field
mailscanner at ecs.soton.ac.uk
Thu Jul 15 14:14:51 IST 2004
I think this will become clearer to you if I define the terms:
Cleaned = all infected or dangerous attachments replaced with nice safe
text files explaining what happened.
Disinfected = viruses removed from attachments, but otherwise leaving the
attachments intact. This can only be done with macro-viruses in office
documents.
Office macro-viruses only form about 1% of the total number of viruses you
will see, so delivering "disinfected" files is not usually worth the extra
overhead. It causes a lot more virus scanning to be done, and only improves
behaviour for 1% of your infected attachments anyway.
At 13:32 15/07/2004, you wrote:
>In the MailScanner.conf there're two options about
>what to after desinfect or clean a virus.
>
>Deliver Cleaned Messages
>Deliver Desinfected Files
>
>When we're speaking about message, does it include
>either the body, header, etc.. or the attachments?
>
>I mean, If I say 'Deliver Cleaned Messages = no' and
>'Deliver Desinfected Files = yes', what will it
>happen?
With most viruses (i.e. all the non-macro viruses) the recipient will get
nothing. With the macro-viruses, the recipient will get a message saying
the virus infection has been removed from the documents and here they are.
This setting doesn't make much sense.
> and if I say 'Deliver Cleaned Messages = yes'
>and 'Deliver Desinfected Files = no'?
This is the normal way of running.
Infected attachments will be removed from messages and will be replaced
with text file attachments explaining what happened.
No attempt will be made to remove macro viruses from documents or deliver
the disinfected files.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list