Slient Virus

Chris Conn cconn at ABACOM.COM
Fri Mar 26 15:03:44 GMT 2004


Hello,

I myself am looking for understanding of how this Silent vs Non-Forging
viruses works and I am not seeing the behaviour I wish.

To be clear, I want to warn nobody about anything, except for Klez and
passworded Zips.  Here is my current configuration:

Deliver Disinfected Files = no
Silent Viruses = HTML-IFrame HTML-Codebase HTML-Form All-Viruses
Still Deliver Silent Viruses = no
Non-Forging Viruses = Klez/ Zip-Password
Allow Password-Protected Archives = no

Now, any user sent a password-protected zip file will receive the mail,
however with the attachment stripped and adequate warning.  Good.

The user who sent the mail with the zip-password does not get warned
that he sent an illegal mail.  Not good.

Also, if a user receives a Worm.Bagle.Gen-zippwd, the user will have
that email delivered without the attachment, and the warning that a file
was not delivered to him.  Even worse!

Nobody sending Klez mails are warned they have Klez on their computer.

My question is; how do I configure MailScanner to warn a sender he has
Klez, warn a sender and a receiver that the zip-protected mails were
blocked, and not warn the receiver that we blocked a zipped-Bagle that
he did not expect to receive anyway?  What am I interpreting wrong in
the way to configure this?

Thanks,

Chris



More information about the MailScanner mailing list