.AGP Files

[Rodney Green]

Should the "FromorTo: default yes" statement be the last line in the 
scan.messages.rule file?

Alex Neuman wrote:
> Scanning for viruses doesn't corrupt files.
> Modifying the message after it's scanned (adding signatures and 
> headers) may make digital signatures like DKIM and such fail their 
> specific checks because the message has been modified.
> Allowing the file through doesn't corrupt the file. It changes the 
> message.
> You need to NOT process those messages. Try adding:
> Scan Messages = %rules-dir%/scan.messages.rules
>
> And in your scan.messages.rules file, located within the %rules-dir% 
> folder, add:
>
> FromOrTo:    default    yes
> From:    xx.xx.xx.xx    no
>
> ... where xx.xx.xx.xx is the IP address of the sending server.
>
> You could ask "why not use From: *@domain.com"... that would mean that 
> anyone could pretend to be from that domain and get through 
> mailscanner untouched.
>
> In fact, the truly paranoid could use:
>
> From:    blabla at domain.com    and    From:    xx.xx.xx.xx    yes
>
> That would mean a message would have to be from blabla at domain.com AND 
> come from that IP in order to skip processing by MailScanner. Fake 
> messages from elsewhere would be scanned, and messages that don't have 
> that AGP thing would be scanned because they come from somebody else 
> that doesn't use them.
>
> On Jun 5, 2008, at 9:30 AM, Pedro Bordin Hoffmann - [M]orpheus wrote:
>
>



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.