Hi;

Just in case Scott is taking a day off...

The way we do this is by first adding:

FORGINGVIRUS    Braid
FORGINGVIRUS    Bridex
FORGINGVIRUS    Bugbear
FORGINGVIRUS    Hybris
FORGINGVIRUS    Lentin
FORGINGVIRUS    Klez
FORGINGVIRUS    Magistr
FORGINGVIRUS    Sobig
FORGINGVIRUS    Vulnerability
FORGINGVIRUS    Yaha
FORGINGVIRUS    Fizzer
FORGINGVIRUS    Palyh

to the virus.cfg.

This will define which are forged; therefore, the email address of the sender
is replaced by [forged] in the alert.

Then in the sender.eml and otherpostmaster.eml we have:

SKIPIFVIRUSNAMEHAS      Yaha
SKIPIFVIRUSNAMEHAS      Lentin
SKIPIFVIRUSNAMEHAS      Magistr
SKIPIFVIRUSNAMEHAS      Klez
SKIPIFVIRUSNAMEHAS      Vulnerability
SKIPIFVIRUSNAMEHAS      Bugbear
SKIPIFVIRUSNAMEHAS      Bridex
SKIPIFVIRUSNAMEHAS      Braid
SKIPIFVIRUSNAMEHAS      Sobig
SKIPIFVIRUSNAMEHAS      Palyh

So in essence, I think what this does is it first replaces the forged email,
and then, if it is to send the alert, it will skip it if it sees it.

Of course, it would be more efficient if both actions were done by one
listing, but I guess this way it gives you more freedom.

Regards,
Kami

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Serge
Sent: Saturday, July 05, 2003 6:21 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] FORGING VIRUS


Sorry if this is a trivial question, but is there a
skipifforgingvirus option?



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.
