Love the automatic detection of forging viruses. When the feature is enabled, I assume it will automatically suppress sending of the sender.eml notification?
Yes. It will automatically suppress the sender.eml and otherpostmaster.eml files, plus any .eml files that have a "SKIPIFFORGING" line in them.
How else will Declude behave differently when a forging virus is detected?
That's all that will happen right now. However, we do expect to hook it into the "FORGINGVIRUS" option in the virus.cfg file, so that the E-mail address of the sender can automatically be changed to "[forged]".
Out of curiosity, how does Declude use DNS to check for a forging virus?
It uses a technique similar to spam database lookups. If I send you the W32/[EMAIL PROTECTED] virus from the IP 192.0.2.101, a DNS lookup for 192.0.2.101.W32/[EMAIL PROTECTED] will be looked up at our forging.declude.com DNS server. A response of 127.0.0.2 indicates a forging virus. The DNS server does its best to deal with all variations of virus names, and to ensure that future variants (such as W32/[EMAIL PROTECTED]) will automatically be treated as a forging virus.
The IP of the sender of the virus is included so that we can notify Internet providers of IPs that are sending viruses.
-Scott
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
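
The lookup and the notification suppression described in the message above, as an added example that is not Declude's code and not part of the original post. The label encoding of the virus name, the SKIPIFFORGING line matching, the handling of a failed lookup, and the `recipient.eml` / `postmaster.eml` sample files are assumptions; the zone, the 127.0.0.2 answer and the two always-skipped filenames come from the post.

```python
import ipaddress
import re
import socket

ZONE = "forging.declude.com"   # zone named in the post
FORGING_ANSWER = "127.0.0.2"   # answer the post says marks a forging virus
ALWAYS_SKIPPED = {"sender.eml", "otherpostmaster.eml"}  # named in the post

def query_name(sender_ip, virus_name, zone=ZONE):
    """Build <sender IP>.<virus name>.<zone>, the order the post gives."""
    ipaddress.IPv4Address(sender_ip)  # ValueError on a malformed address
    # Assumption: characters not valid in a hostname label become '-'.
    label = re.sub(r"[^A-Za-z0-9-]", "-", virus_name).strip("-")[:63].lower()
    if not label:
        raise ValueError("virus name has no usable characters")
    return f"{sender_ip}.{label}.{zone}"

def is_forging(sender_ip, virus_name, resolve=socket.gethostbyname):
    """True or False from the DNS answer; None if the lookup itself failed."""
    try:
        return resolve(query_name(sender_ip, virus_name)) == FORGING_ANSWER
    except socket.gaierror as exc:
        # "No such name" means not listed; any other error means unknown.
        return False if exc.errno == socket.EAI_NONAME else None

def has_skip_line(body):
    # Assumption: the marker is a line that starts with SKIPIFFORGING.
    return any(l.strip().upper().startswith("SKIPIFFORGING")
               for l in body.splitlines())

def notifications_to_send(templates, forging):
    """templates maps .eml filename to its text; returns filenames to send."""
    if forging is not True:
        # Assumption: an unknown result (None) is handled like "not forging".
        return sorted(templates)
    return sorted(name for name, body in templates.items()
                  if name.lower() not in ALWAYS_SKIPPED
                  and not has_skip_line(body))

# Constructed sample templates; only the first two filenames are from the post.
SAMPLE_TEMPLATES = {
    "sender.eml": "Subject: You sent a virus\n",
    "otherpostmaster.eml": "Subject: Virus from your domain\n",
    "recipient.eml": "SKIPIFFORGING\nSubject: Virus blocked\n",
    "postmaster.eml": "Subject: Virus caught\n",
}
```

Passing a stub as `resolve` lets the decision logic be exercised without querying the live zone.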
