Mitch, You can modify the notification emails to skipp virus' that are known to forge the senders address. In the Declude subdirectory you will find files with a .eml extension. Open those files using notepad and insert the skipifvirusnamehas (name of virus) at the top of the email. Make sure that there are no extra lines between the last skip line and the top of the email or you will get an error in the log about no recipient. Here are some of the entries that I have in mine, add and subtract as neccessary.
SKIPIFVIRUSNAMEHAS Sobig SKIPIFVIRUSNAMEHAS Mimail SKIPIFVIRUSNAMEHAS Yaha SKIPIFVIRUSNAMEHAS Lentin SKIPIFVIRUSNAMEHAS Magistr SKIPIFVIRUSNAMEHAS Klez SKIPIFVIRUSNAMEHAS Vulnerability SKIPIFVIRUSNAMEHAS Bugbear SKIPIFVIRUSNAMEHAS Bridex SKIPIFVIRUSNAMEHAS Braid SKIPIFVIRUSNAMEHAS Sobig SKIPIFVIRUSNAMEHAS Palyh skipifvirusnamehas bagle From: [EMAIL PROTECTED] To: %ALLRECIPS% Hope this helps Gene ---------- Original Message ---------------------------------- From: "Mitch Hegstad" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Wed, 3 Mar 2004 10:22:38 -0600 >This is my second message on performance issues. Following is feedback >I received from an administrator at our host. >I simply asked for feedback on declude - > >Yes, it should work. Just be careful when you set it up. Alot of >administrators that use Declude have it set up to send virus >notifications to any sender that sent a virus. The problem is, the >address of the sender is not necessarily the same address the message is > >sent from. Our postmaster account gets these notifications all the >time, usually with some sort of snarky message about how we need to >improve our virus scanner, when we actually had nothing to do with the >infected message. > >You'll probably also see a slight increase in processing time. Usually, > >scanners like this run the virus scanner on each individual message that > >comes in. This causes a large increase in CPU usage and IO time. >Normally, this isn't anything to worry about, but is still something to >be aware of. When we used a similar system, our delivery times went >from 1 second without scanning to as long as 1 minute. > >I'm concerned with the disk i/o. Although we have some spare cpu >cycles, our disk use % often hovers around 40%. An increase in disk i/o >could open a whole can of issues. > >Any feedback welcome, > >Mitch > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
