We got slammed with them today as well. It caught a bunch that made it past spam filtering (we run AVAFTERJM ON). So I'd second that recommendation to NOT turn it off. If you're concerned about delivery, set up an email notification to let the intended recipient know the message was held, and include a link to a script to requeue the message for delivery.
Darin. ----- Original Message ----- From: "Shayne Embry" <[EMAIL PROTECTED]> To: <declude.virus@declude.com> Sent: Tuesday, July 31, 2007 5:09 PM Subject: re: [Declude.Virus] [Invalid ZIP Vulnerability] Not too sure you'd want to turn that off. We've been getting hit by a wave of messages the last two days, all with the same vulnerability. I've been too busy to spend any time looking at the payload...but if they're not viruses they are definitely spam. I'm catching about 40 per hour, widely distributed among about 550 accounts across 100 domains. Shayne Embry -------- Original Message -------- > From: Heimir Eidskrem <[EMAIL PROTECTED]> > Sent: Tuesday, July 31, 2007 2:53 PM > To: declude.virus@declude.com > Subject: [Declude.Virus] [Invalid ZIP Vulnerability] > > How do I turn this off. > I am having emails held as virus but they are not. > They do contain pdfs and doc files. > > Could not find it in the manual. > > > --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
