don't quarantine silent viruses?

Derek Winkler dwinkler at ALGORITHMICS.COM
Wed May 26 14:15:13 IST 2004 

Order does matter, checked until first match except for default which can
appear anywhere in the ruleset and defines the default action if there is no
match.

You may want to read EXAMPLES and README in the rule directory.

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Marcin Rozek
> Sent: Wednesday, May 26, 2004 8:33 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: don't quarantine silent viruses?
>
>
> Patel, Anjana wrote:
> > In MailScanner.conf:
> > Quarantine Infections = %rules-dir%/quarantine.rules
> > Example quarantine.rules file:
> > Virus:          bagle           no
> > Virus:          dumaru          no
> (cut)
> > Virus:          default         yes
> > Hope this helps
> Great! Good way to kick me into interest of rulesets :)
> My first thought was is it possible to add a keyword to rulesets eg.
> SilentViruses so we could list all silent viruses in
> Mailscanner.conf and refer
> to them in rulesets instead of listing each of them in *.rules.
> eg:
> Virus:          SilentViruses           no/yes
> Now when new mass-mailing worm appears we'll have to modify
> all *.rules instead
> of adding this to Silent Viruses in Mailscanner.conf.
>
> And just to be sure... rulesets are checked until first match?
> eg.:
> From:   192.168.1.      yes
> Virus:  bagle           no
> and the mail with bagle worm comes from 192.168.1.1 - 'yes'
> will be taken as an
> action?
> --
> Best regards,
> Marcin
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list