Silent Virus

Chris Conn cconn at ABACOM.COM
Mon Mar 29 16:21:46 IST 2004


> Julian put WM97/ and Joke/ in the example because the Sophos reports
> identify these files as WM97/something or Joke/something. Klez is
> identified as W32/Klez-H (or -whatever variant you're looking for). The
> string "Klez/" doesn't appear in that identification. If you want Klez
> in your Non-forging list then any of
>
> Klez
> Klez-H          (if you only want to check for that)
> W32/Klez
>
> should do the trick, assuming that these are the strings that your virus
> checker uses. (Can't recall if you use Sophos or not?)

Hello,

I just tried setting Klez to non-forging to test, and the behaviour is
the same; I have set:

Deliver Disinfected Files = no
Silent Viruses = All-Viruses
Still Deliver Silent Viruses = no
Non-Forging Viruses = Klez Zip-Password
Allow Password-Protected Archives = no

Someone (forged email or not) sending a Klez to a local mailbox gets no
warning; local mailbox gets warned that a message had Klez, and also
that screensavers .scr files are dangerous.

Someone sending a Zipped archive gets no warning that the Zip was
blocked.  Local mailbox gets mail delivered, without attachment but with
warning there was one and it was blocked.

How do you warn the sender about password archives being banned, while
not needlessly delivering virus-warnings to local mailboxes?

Chris


