Before I consider this feature further, let me doublecheck.
If a mail fails the vulnerability check AND a virus check, but has an EML template with "ONLYSENDIFVIRUSNAMEHAS" - will the notification be sent or not? Example:
When Declude Virus detects both a vulnerability and a virus, Declude Virus should handle it as if it just contained a virus.
12/11/2003 15:40:24 Qd6020076008c5842 Outlook 'MIME Header' Vulnerability: type=audio/x-midi, name=hbxxo.exe.
12/11/2003 15:40:27 Qd6020076008c5842 Scanner 1: Virus= application Exploit-MIME.gen.c. Attachment=[HTML segment] [13] I
12/11/2003 15:40:27 Qd6020076008c5842 File(s) are INFECTED [ application Exploit-MIME.gen.c.: 13]
12/11/2003 15:40:28 Qd6020076008c5842 Scanned: CONTAINS A VIRUS [MIME: 2 106767]
If I have a "SKIPIFVIRUSNAMEHAS" for the sender.eml but a
"ONLYSENDIFVIRUSNAMEHAS" for a vulnerability.sender.eml,
Will the above scenario send 1 email (the vulnerability.sender.eml) or 0 emails (because the "infection" by a virus overrides the vulnerabilty status)?
That depends on what you have in the there. If you have "ONLYSENDIFVIRUSNAMEHAS vulnerability", it should not be sent if a virus is detected (even if a vulnerability is also detected), and if you have "SKIPIFVIRUSNAMEHAS vulnerability", it should be sent if a virus is found.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
