Yes I apologize I only realized the next day (Saturday) that this would not work because the message will be scanned if it is under a HOLD or DELETE threshold.
David -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Wednesday, May 02, 2007 4:03 PM To: [email protected] Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude failures I am confused as to how this would work, as BANEXT RAR in EVA will hold those files regardless of the weight. Has anyone worked out a way to ban small RAR files that would contain the virus, and pass large RAR files that most likely would not? I'm trying to find a work around until Declude figures out how to detect encrypted RAR files. Right now I'm banning all RAR files, then have to go in and manually re-submit the legitimate RAR files that my customers are sending. Gary -------- Original Message -------- > From: "David Barker" <[EMAIL PROTECTED]> > Sent: Friday, April 27, 2007 5:52 PM > To: [email protected] > Subject: RE: [Declude.Virus] More info about encrypted RAR virus and > Declude failures > > You may be able to do something with the MSGSIZE test in conjunction > with AVAFTERJM ON eg. > > SIZE-10MB msgsize 10240 x -50 0 > > David Barker > VP Operations | Declude > Your Email Security is our business > O: 978.499.2933 x7007 > F: 978.988.1311 > E: [EMAIL PROTECTED] > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Gary Steiner > Sent: Friday, April 27, 2007 4:25 PM > To: [email protected] > Subject: RE: [Declude.Virus] More info about encrypted RAR virus and > Declude failures > > It's not that difficult. The legitimate messages with rar attachments > are big (usually 10MB and up) so it's not hard to separate them from > the image spam and common viruses being held in the virus directory. > > As mentioned by Craig in an earlier post, it would be nice if Declude > added the capability to skip banning on files of large size. > > > > -------- Original Message -------- > > From: "John T \(lists\)" <[EMAIL PROTECTED]> > > Sent: Friday, April 27, 2007 3:56 PM > > To: [email protected] > > Subject: RE: [Declude.Virus] More info about encrypted RAR virus and > > Declude failures > > > > > Until Declude resolves the issue with BANEXT EZIP, I've had to ban > > > all rar files. Unfortunately some of my customers regularly send > > > rar attachments, so I've had to check the virus hold directory on > > > a regular basis and manually resubmit any false positives there. > > > > > > Gary > > > > Instead of manually checking for legit files, use the BANEXT.eml > > file to send a postmaster message that you get and/or the recipient > > and/or sender get and that notice can be reviewed a lot easier than > > manually checking the hold directory. > > > > John T > > > > > > > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > > > > > > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
