Sophos thinks multi-part spanning zips are viruses

[James Corell]

Didn't even realize that this was a configuration option. I've gone back in
and fixed up the config file, everything works.

As for policy and philosophy, I'm inclined to agree with Julian. Policy is
set by the suits around here, however. Slightly different? Try completely
opposite and, generally, *wrong*.

Julian, again, the configurability (is that a word?) of MailScanner has
saved my butt. A million thanks.

James Corell
E-P-C-S
111 West Mitchell, Suite E
Gaylord, MI 49735
(989) 732-1366


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
Behalf Of Martin Sapsed
Sent: Wednesday, March 10, 2004 5:28 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] Sophos thinks multi-part spanning zips are
viruses


James Corell wrote:
> Actually, I'd like MailScanner not to consider an attachment a virus
unless
> Sophos CONFIRMS that it is actually a virus (rather than simply failing to
> be able to scan it).

I think adding "part of multi volume archive" to the "Allowed Sophos
Error Messages" configuration item should do the trick.

Julian's philosophy is to deliver only that which he believes from the
information available to be safe. Because it would be very difficult to
assemble the parts of the attachment together so that he can be checked
properly, they're treated as potentially hostile and blocked.

You're suggesting a philosophy of deliver it unless you know it's not
safe which is slightly different.

Cheers,

Martin

--
Martin Sapsed
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth