don't quarantine silent viruses?
Patel, Anjana
Anjana.Patel at CRANFIELD.AC.UK
Wed May 26 11:37:13 IST 2004
This config works quite well for us (cuts down the quarantine dir by
8o%):
In MailScanner.conf:
Quarantine Infections = %rules-dir%/quarantine.rules
Example quarantine.rules file:
Virus: bagle no
Virus: dumaru no
Virus: klez no
Virus: lovgate no
Virus: mimail no
Virus: mydoom no
Virus: netsky no
Virus: sober no
Virus: sobig no
Virus: swen no
Virus: default yes
Hope this helps
Anjana
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Randal, Phil
> Sent: 26 May 2004 10:46
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: don't quarantine silent viruses?
>
> That is another excellent idea. I've just scanned the archives and am
> still
> confused as to what the ruleset would be to still quarantine "illegal"
> attachments but not quarantine viruses. I don't have a test box to
play
> on,
> alas.
>
> Cheers,
>
> Phil
>
> ----
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
> > -----Original Message-----
> > From: MailScanner mailing list
> > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of David Lee
> > Sent: 26 May 2004 10:40
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: don't quarantine silent viruses?
> >
> > On Wed, 26 May 2004, John Wilcock wrote:
> >
> > > On Wed, 26 May 2004 10:55:40 +0200, Marcin Rozek wrote:
> > > > about 98% of e-mails that stays in our quarantine are copies of
> > > > netsky/bagle/etc
> > > > - could you please add an option to mailscanner "Don't
quarantine
> > > > silent viruses"? That would save a lot of disk-space.
> > >
> > > This can already be done with a ruleset (search the archives) but
I
> > > agree that this would be such a useful function that it
> > might be worth
> > > an option of its own.
> >
> > <just-a-thought>
> > I agree with the above idea, but question its "another
> > option" solution.
> >
> > Consider the wider picture of MailScanner.conf overall, and
> > the number of questions on this list whose answer contains
> > "with a ruleset". Perhaps we need to push rulesets a bit
> > more, and have some default functionality actually using real
> > rulesets.
> >
> > If we agree that that this particular item ("Don't quarantine silent
> > viruses") would be a useful default, then rather than yet
> > another option, perhaps the answer might be to for the
> > default to become "use this ruleset", and for the default
> > ruleset to implement "Don't quarantine silent viruses".
> >
> > Using real rulesets in the default configuration, with real
examples,
> > would:
> > 1. bring rulesets to the attention of people who don't know
> > about them; 2. give confidence to those who are timid about
> > starting to use them; 3. demonstrate the preferred
> > "xxx.rules" naming; 4. etc.
> > </just-a-thought>
> >
> >
> > --
> >
> > : David Lee I.T. Service :
> > : Systems Programmer Computer Centre :
> > : University of Durham :
> > : http://www.dur.ac.uk/t.d.lee/ South Road :
> > : Durham :
> > : Phone: +44 191 334 2752 U.K. :
> >
> > -------------------------- MailScanner list ----------------------
> > To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> > Before posting, please see the Most Asked Questions at
> > http://www.mailscanner.biz/maq/ and the archives at
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list