I tested SKIPIFVIRUSNAMEHAS Encrypted .ZIP file Works fine, even though I cannot use it, because there is only one banext.eml
It would be nice to have more than banext.eml, like banext1.eml, banext2.eml ... so we can customize some of those to our needs ----- Original Message ----- From: "Dave Marchette" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, March 13, 2004 12:48 AM Subject: RE: [Declude.Virus] How to set no notifications for Encrypted zip? Agreed. It is becoming increasingly essential to have a more flexible notification mechanism. -----Original Message----- From: Matt [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 5:46 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] How to set no notifications for Encrypted zip? R. Scott Perry wrote: > It can't be added, as it isn't a virus name. It isn't possible to > skip banned file notifications based on certain information. I would > recommend deleting the \IMail\Declude\BANnotify.eml file (or renaming > it to have an extension other than .eml). Scott, this is not a reasonable solution, bouncing the BANnotify message would be better. I am probably bouncing about 0.5% of my total traffic to a combination of banned file names (DELETED0.TXT) and these password protected zips. All of these bounces are unwanted, and I even bounced one to a virus that forged my own account. If I was to turn off BANnotify, then I am going to get myself into big trouble with my clients for blocking the occasional legitimate script or executable without any sort of notification. This just simply isn't an option. I suggested a work around this morning. Though I don't expect a fix immediately, the BANNAME issue has been around for a while, and it produces a significant amount of unintended bounce traffic on it's own. I believe that you can fix this easily by allowing for the following variables for notifications: 1) Allow us to specify different extensions for different types of blocks, i.e. BANZIP EXE BANEZIP EXE BANEXT EXE BANNAME DELETED0.TXT 1) Populate a variable for different names for different blocked extensions/names, i.e. BANEXT-[extension] BANZIP-[extension] BANEZIP-[extension] BANNAME-[file name] 2) Allow these variable names to be tagged along with viruses, i.e. ONLYSENDIFBANHAS SKIPIFBANHAS This I believe would allow us to handle any extension blocked by any of the 4 different means with unique messages if need be, and the implementation is fairly straightforward. For instance, if you wanted to handle EZIP's with an EXE, SCR, BAT, COM or PIF within it with a message to the recipiant instead of the sender, you would do the following: ONLYSENDIFBANHAS BANEZIP-EXE ONLYSENDIFBANHAS BANEZIP-SCR ONLYSENDIFBANHAS BANEZIP-BAT ONLYSENDIFBANHAS BANEZIP-COM ONLYSENDIFBANHAS BANEZIP-PIF If you were only blocking those five types within EZIP's, then you could actually shorthand it with the following: ONLYSENDIFBANHAS BANEZIP If this doesn't make perfect sense, then I'm on crack :) Matt -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
