Ruleset Woe

hvdkooij at vanderkooij.org
Tue Oct 16 11:25:41 IST 2007



Paul Houselander wrote:

> I have a script that runs on a server that sends a daily csv file containing
> info about all the mail that's been blocked for a particular domain.
> 
> Since I started using the sane security clam definitions this mail keeps
> getting flagged as a virus.
> 
> I've tried to use rulesets to exclude this particular email from being virus
> checked

What information did you get from the message headers?
What information did you get from the logs?

These 2 should give you a better insight into how a message was handled.

And never forget that whatever happens to be on the To: or From: line
may not be at all what is used to deliver the message. So your rules may
not work the way you think because you might be looking at the wrong
addresses.

Think of it as snailmail. The postman only looks at the envelope to
deliver the message. MailScanner is the bastard in the middle that scans
the same envelopes and decides who is going to read the messages besides
you. That is where your rules come into play.

Like this one passes the CIA and the FBI. The next one we do not
touch. The third one is looked at by the CIA and DEA. And so on.

Hugo.

--
hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
	Don't meddle in the affairs of sysadmins,
	for they are subtle and quick to anger.
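
The envelope-versus-header point from the reply above, as an added example that is not part of the original post and not MailScanner's own code. The addresses, the sample message and both rulesets are constructed; the matcher is a simplified first-match model that handles only glob patterns and `default`, and it assumes rules are checked against the envelope addresses only.

```python
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Constructed sample: the envelope (SMTP MAIL FROM / RCPT TO) travels
# separately from the From:/To: headers inside the message itself.
ENVELOPE = {"from": "www-data@web01.example.net", "to": ["postmaster@example.com"]}
RAW = """From: Daily Report <reports@example.com>
To: Mail Admin <admin@example.com>
Subject: blocked mail summary

see attached csv
"""

# Constructed rulesets in the "direction pattern value" layout.
RULES_HEADER_BASED = """
From:     reports@example.com          no   # written from the visible From: header
FromOrTo: default                      yes
"""
RULES_ENVELOPE_BASED = """
From:     www-data@web01.example.net   no   # written from the envelope sender
FromOrTo: default                      yes
"""

def header_from(raw):
    """Address a mail client would display as the sender."""
    return parseaddr(message_from_string(raw)["From"])[1]

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            direction, pattern, value = line.split(None, 2)
            rules.append((direction.rstrip(":").lower(), pattern.lower(), value))
    return rules

def evaluate(rules, env_from, env_to):
    """Return the value of the first rule matching the envelope addresses."""
    def hit(pattern, addrs):
        return pattern == "default" or any(fnmatchcase(a.lower(), pattern) for a in addrs)
    for direction, pattern, value in rules:
        s, r = hit(pattern, [env_from]), hit(pattern, env_to)
        if {"from": s, "to": r, "fromorto": s or r, "fromandto": s and r}.get(direction):
            return value
    return None

def scan_decision(rules_text):
    return evaluate(parse_rules(rules_text), ENVELOPE["from"], ENVELOPE["to"])
```

With the header-based ruleset the exemption never matches and the message falls through to the default, which is why comparing the rule against the envelope sender shown in the logs is the first check.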

