We've had a few false positives (or non-RFC compliant messages) that don't really contain viruses and do contain valid and needed info. These messages were flagged as containing one of the Outlook vulnerabilities. It very well could be a bad mail client or server and those should be corrected, but because of this situation and possible ones like this I can't set Declude Virus to delete messages it flags as containing viruses.> >It is already there. Check the manual at > www.declude.com/virus/manual.htm. > I'm either missing what you are referring to or it isn't there, or I am > wrong on what the current order of execution is. Could you be more > specific > as to which option you are speaking of?
Sorry, my bad. It is actually in the JunkMail manual. http://www.declude.com/junkmail/manual.htm
> >Absolutely Bad! 99.5% or better of virus infected messages have no legit > >content. There is no reason to deliver them. They should only be > >quarantined. > "Absolutely Bad" is kind of strong. Maybe I didn't explain my reasons. I > would like to be in more control of the filtering just like we are with > JunkMail. It's a big jump to just start deleting messages without allowing > our users any control. If we had the options to > filter/delete/notify/etc... just like in JunkMail then we would set up > defaults for everybody and let them change those over time as needed. Most > won't change the options we set but some might. Also, some e-mails might > fail some of the "Outlook" vulnerabilities but not necessarily contain a > virus, so how am I to know for sure if it really contains a virus? So, how > do I know if it falls into the 99.5% category you mentioned if I don't > know > if it really contains a virus? Granted, most of those messages are > probably > spam but I don't know for sure. I guess you can say I'm on the paranoid > side of not wanting any false positives.
Nothing is too strong a word for viruses. Why would you ever think about allowing to pass a message infected with a virus? All that have been seen are bogus messages, and would server no purpose to the recipient at all, even if cleaned. End Users should have no control over this, as most can not even keep their AV up to date and will open an e-mail just because it says it is from support or admin. To date, no virus is using the vulnerabilities, but lots of spam does. Declude Virus has plenty of options available in it right now, what with the different notifications, banning extensions, detecting forging viruses and such.
As far as the question about how do I know, that is where notifications come in. There notifications for virus infected messages, notification for vulnerabilities, for banned extension. Example, on vulnerabilities, the notice goes to the sender, recipient and myself. Then, if the recipient wants it, he sends a message and I then requeue it for delivery. If it becomes a pattern, we communicate with the sender to fix the problem.
We want to minimize the number of notifications but still have the tests run. That's why I'd like to combine the Virus test with the JunkMail test. If McAfee's scan detects a virus then we'd probably just delete the message. If we have an Outlook vulnerability and a fairly high spam score then we'd probably just delete the message. If we have an Outlook vulnerability and a very low spam score then maybe we'd just move that to an individual's PossibleSpam/PossibleVirus folder (which gets automatically cleaned out periodically if the user doesn't manually clean it out).
I don't want to throw away false positives and I don't want our mail admin to have to look through all messages flagged by Declude Virus because that could possibly take a lot of time. And I don't want our users to be flooded with virus notifications when JunkMail used to catch many of the messages and had such a high score that we decided it was safe enough to delete without notification. If we decrease the number of messages that the mail admin has to manually look through then that would be good.
So the "AVAFTERJM ON" may be sufficient but it would still be nice to optionally have Virus run without quarantining, then run JunkMail and take care of deleting/filtering the message there.
John Tolmachoff Engineer/Consultant/Owner eServices For You
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus]
--- [This E-mail scanned for viruses by Declude Virus]
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
