As a practical matter, about what percent fall into the category of the Virus Scanner making a false positive? IOW, aren't you out hunting mosquitos with hand grenades?
Friday, January 27, 2006, 8:58:25 AM, Markus Gufler <[EMAIL PROTECTED]> wrote: >> Instead of doing something like that, which will require >> on-going, hands-on maint, why not just tag to hold those >> which are identified by the scanner as suspicious or generic >> and delete the rest? MG> This is another possible solution but my intention is to clean my server MG> from messages containing certain viruses. Thus are the well know top viri MG> like Sober, Netsky and Co. MG> Deleting them immediatly there will remain only a little crowd of viruses MG> and suspicious files. Whatever will happen in the future I have them on my MG> server and can keep it there also for one or two weeks in the case it turns MG> out that some user is missing a legit message. In this cas I can find the MG> message in my virus-folder on the server and requeue it even if it was MG> "false positive"-identified by some scanner as a fiften year old MG> "tequila"-Virus. MG> Andrews idea to parse the virus logfile instead of the content from each MG> virus-message is definitively an excellent idea. However there is a more MG> simplier and efficient possibility if we could delete infected messages by MG> the virus name. MG> Markus >> >> >> Wednesday, January 25, 2006, 4:37:28 PM, Markus Gufler >> <[EMAIL PROTECTED]> wrote: >> MG> Maybe someone has already requested it: >> >> MG> Why not allow commands like >> >> MG> DELETEVIRUSNAME Netsky >> MG> DELETEVIRUSNAME Bagle >> MG> ... >> >> MG> in the virus.cfg file? >> >> MG> I won't and can't delete all viruses on our server >> because there is >> MG> always the possibility that a scanner is catching something as >> MG> "suspicious" or "generic" >> >> MG> But commands to delete certain virusnames should be very easy to >> MG> implement and allow us to eliminate > 95% of all hold >> viruses on out servers. >> >> MG> Markus >> >> MG> --- >> MG> [This E-mail was scanned for viruses by Declude EVA >> www.declude.com] >> >> MG> --- >> MG> This E-mail came from the Declude.Virus mailing list. To >> MG> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> MG> type "unsubscribe Declude.Virus". The archives can be found >> MG> at http://www.mail-archive.com. >> >> >> >> ---- >> Don Brown - Dallas, Texas USA Internet Concepts, Inc. >> [EMAIL PROTECTED] http://www.inetconcepts.net >> (972) 788-2364 Fax: (972) 788-5049 >> ---- >> >> --- >> [This E-mail was scanned for viruses by Declude EVA www.declude.com] >> >> --- >> This E-mail came from the Declude.Virus mailing list. To >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> type "unsubscribe Declude.Virus". The archives can be found >> at http://www.mail-archive.com. >> MG> --- MG> [This E-mail was scanned for viruses by Declude EVA www.declude.com] MG> --- MG> This E-mail came from the Declude.Virus mailing list. To MG> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and MG> type "unsubscribe Declude.Virus". The archives can be found MG> at http://www.mail-archive.com. ---- Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364 Fax: (972) 788-5049 ---- --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.