Slient Virus
Martin Sapsed
m.sapsed at BANGOR.AC.UK
Mon Mar 29 10:00:53 IST 2004
Chris Conn wrote:
> Fine, but nevertheless, how come there is no message sent to even the
> forged email with the configuration I posted?
[which was]
Non-Forging Viruses = Klez/ Zip-Password
Sorry - it's just come to me.
Julian put WM97/ and Joke/ in the example because the Sophos reports
identify these files as WM97/something or Joke/something. Klez is
identified as W32/Klez-H (or -whatever variant you're looking for). The
string "Klez/" doesn't appear in that identification. If you want Klez
in your Non-forging list then any of
Klez
Klez-H (if you only want to check for that)
W32/Klez
should do the trick, assuming that these are the strings that your virus
checker uses. (Can't recall if you use Sophos or not?)
Cheers,
Martin
--
Martin Sapsed
Information Services "Who do you say I am?"
University of Wales, Bangor Jesus of Nazareth
More information about the MailScanner
mailing list