Hi all,

Due to the constantly increasing number of needless virus warning messages from
"dumb" av-scanners not knowing what worms are forging I've tried to set up a
COMBO filter to catch these messages as spam. (Text filter files for Junkmail
Pro)

On (remove the space in the middle)

 http://www2.spamchk.com/ download/AVFILTER-COMBO_v0.3.zip

I've prepared the 4 files for download in the hope that other users
can benefit from it and maybe also bring in some improvements.

How it works:
The Combo-filter looks for certain combinations of phrases commonly used in
virus warning messages.

The phrases are separated into 3 categories

VNAME: virusnames known to be forging (example: "Sober")

WARN:  phrases used to report some action or warning (example:
"quarantined", "delivered", "blocked")

ITEM:  phrases mentioning the identified item (example: "virus", "file",
"attachment")

The last filter file is the COMBO-test and the only one assigning weights.
It's able to add points if

        WARN and VNAME

or 

        WARN and ITEM

was triggered before. 
Furthermore it can add additional points if

        WARN and VNAME and ITEM

was triggered before.


The tests can be used in the global.cfg file like

AVFILTER-VNAME  filter C:\IMail\Declude\lists\filter_av_vname.txt x 0 0
AVFILTER-WARN   filter C:\IMail\Declude\lists\filter_av_warn.txt x 0 0
AVFILTER-ITEM   filter C:\IMail\Declude\lists\filter_av_item.txt x 0 0
AVFILTER-COMBO  filter C:\IMail\Declude\lists\filter_av_combo.txt x 0 0


Maybe someone else's brain can find something to improve this COMBO filter. In
this case please report it to me so that I can maintain an up-to-date
centralized version of this COMBO filter. I will notify the list if updates
are available, for example if a new forging virus is coming up.

Markus
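
The combination logic described under "How it works", as an added Python example that is not part of the post or of the downloadable filter files. The phrase lists contain only the examples quoted in the post; the weights, the whole-word matching and the choice to apply the pair weight once are assumptions, and the sample messages are constructed.

```python
import re

# Phrase lists: only the examples quoted in the post; the real filter files hold more.
CATEGORIES = {
    "VNAME": ["sober"],
    "WARN": ["quarantined", "delivered", "blocked"],
    "ITEM": ["virus", "file", "attachment"],
}
# Assumed weights (the post does not state the values used in filter_av_combo.txt).
PAIR_WEIGHT = 5    # WARN+VNAME or WARN+ITEM, applied once
TRIPLE_BONUS = 5   # extra when WARN, VNAME and ITEM all hit


def triggered(text):
    """Return the set of categories with at least one whole-word phrase hit."""
    lowered = text.lower()
    return {
        name
        for name, phrases in CATEGORIES.items()
        if any(re.search(r"\b" + re.escape(p) + r"\b", lowered) for p in phrases)
    }


def combo_score(text):
    """Score like the COMBO test: the three category tests alone carry weight 0."""
    hits = triggered(text)
    score = 0
    if "WARN" in hits and ("VNAME" in hits or "ITEM" in hits):
        score += PAIR_WEIGHT
    if {"WARN", "VNAME", "ITEM"} <= hits:
        score += TRIPLE_BONUS
    return score


# Constructed sample messages, not taken from real mail.
SAMPLES = {
    "av_bounce": "The attachment you sent was infected with W32/Sober and has been quarantined.",
    "warn_only": "Your message could not be delivered to the recipient.",
    "benign_pair": "The file you requested was delivered this morning.",
    "no_warn": "Have you seen the new Sober virus write-up?",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:12} hits={sorted(triggered(body))} score={combo_score(body)}")
```

The "benign_pair" sample is ordinary mail that still trips WARN and ITEM, so that pair is best given a weight below the hold threshold, with the three-way bonus carrying the decision.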



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
