don't quarantine silent viruses?
Marcin Rozek
marcin.rozek at IOS.EDU.PL
Wed May 26 13:33:27 IST 2004
Patel, Anjana wrote:
> In MailScanner.conf:
> Quarantine Infections = %rules-dir%/quarantine.rules
> Example quarantine.rules file:
> Virus: bagle no
> Virus: dumaru no
(cut)
> Virus: default yes
> Hope this helps
Great! Good way to kick me into interest of rulesets :)
My first thought was is it possible to add a keyword to rulesets eg.
SilentViruses so we could list all silent viruses in Mailscanner.conf and refer
to them in rulesets instead of listing each of them in *.rules.
eg:
Virus: SilentViruses no/yes
Now when new mass-mailing worm appears we'll have to modify all *.rules instead
of adding this to Silent Viruses in Mailscanner.conf.
And just to be sure... rulesets are checked until first match?
eg.:
From: 192.168.1. yes
Virus: bagle no
and the mail with bagle worm comes from 192.168.1.1 - 'yes' will be taken as an
action?
--
Best regards,
Marcin
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list