Slient Virus

[Julian Field]

At 16:21 29/03/2004, you wrote:
>>Julian put WM97/ and Joke/ in the example because the Sophos reports
>>identify these files as WM97/something or Joke/something. Klez is
>>identified as W32/Klez-H (or -whatever variant you're looking for). The
>>string "Klez/" doesn't appear in that identification. If you want Klez
>>in your Non-forging list then any of
>>
>>Klez
>>Klez-H          (if you only want to check for that)
>>W32/Klez
>>
>>should do the trick, assuming that these are the strings that your virus
>>checker uses. (Can't recall if you use Sophos or not?)
>
>Hello,
>
>I just tried setting Klez to non-forging to test, and the behaviour is
>the same; I have set:
>
>Deliver Disinfected Files = no
>Silent Viruses = All-Viruses
>Still Deliver Silent Viruses = no
>Non-Forging Viruses = Klez Zip-Password
>Allow Password-Protected Archives = no
>
>Someone (forged email or not) sending a Klez to a local mailbox gets no
>warning; local mailbox gets warned that a message had Klez, and also
>that screensavers .scr files are dangerous.
>
>Someone sending a Zipped archive gets no warning that the Zip was
>blocked.  Local mailbox gets mail delivered, without attachment but with
>warning there was one and it was blocked.
>
>How do you warn the sender about password archives being banned, while
>not needlessly delivering virus-warnings to local mailboxes?

Check the settings of

Notify Senders =
Notify Senders Of Viruses =
Notify Senders Of Blocked Filenames Or Filetypes =
Notify Senders Of Other Blocked Content =

as they also affect what the senders get.

Sorry the sender notification settings seem a little complicated, I need to
balance the need to maintain backward compatibility with fine-grained
control, while still enforcing things like stopping everyone warning
senders about viruses by default.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654