Re: [Declude.JunkMail] Multi Server Configs

[Matthew Bramble]

FYI, there's no way to be sure that there are no viruses in an executable attachment.  Case in point is the fact that if not for the banned extensions, I would have been letting Sobig.F through Declude plus F-Prot from Monday all the way through Wednesday at 3 p.m (when my F-Prot was updated with appropriate definitions).  My JunkMail config was tight enough to block the virus for accounts without virus protection (BADHEADERS, HELOBOGUS, IPNOTINMX, SPAMHEADERS), although I'm not confident that it caught everything. I've seen this before as well, though not as bad, where viruses spread so fast that they get to my server before anyone releases a definitions update.  These files can then hit someone's desktop and be executed by the user because of a similar lack of appropriate definitions. I'm not saying that you are wrong to do what you do, just that I and many others consider the banned extensions a first line of defense for brand new viruses, and it is definitely necessary for good virus protection and causes no problems unless you are blocking more common extensions (like .exe).  All files that flunk the banned extensions test also get put into hold on the server, though I would prefer to be able to turn that off. Matt Hermann Strassner wrote: Scott, I know this is the wrong discussion group, but since we're on the topic, would it make more sense to test for banned extensions before it goes to the virus scanner in order to save processing power?    Scott, please don`t do this. I forward messages with banned extension sometimes, and i must be sure that there is no virus in it!   Hermann