Yes, I know about the ANTI-AV filter; I use it with good success.
 
But there are certain messages that don't contain something like
 
"AV-Engine XYZ has re-moved (or de-techted) the vi-rus ABC"
 
in the body or subject.
These messages will have the complete original content (often random content by viruses) and if another AV-engine has removed or also only renamed the malicious file then we can't detect it.
 
Nevertheless these messages are useless and annoying. So the only way to catch them is the static filename of the renamed or replaced attachment.
 
Markus
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Wednesday, March 24, 2004 5:39 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] netsky p ?

Markus Gufler wrote:
  Has anyone else seen other attached information files about removed viruses and can share them?
Markus

There's a handy file that I have been using for JunkMail that clears up a lot of this stuff.  The Norton bounces for instance are tagged in the headers if I'm not mistaken.  After a period of adjusting, it doesn't seem to be causing many FP's, only a couple of points whenever people are discussing viruses, but that's about it now.  The filter is called ANTI-AV and it's located in the beta section of my site:

    http://www.mailpure.com/software/decludefilters/beta/

 I haven't been paying a lot of attention to updating the filter recently, but I have a null sender capture file with over 2,000 messages that I can scrounge through sometime.  You are all welcome to help as well :)

Currently I prefer the filter over the BANNAME blocking because this stuff keeps getting bounced under the current config, though in not large numbers (maybe Road Runner finally figured out that I don't want their damned cleaned attachments for forging viruses).  I do though have another addition for your list:

    BANNAME        mailsecurity.txt

Matt
-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
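
The point made in this thread, as an added example that is not part of the original messages and is not Declude's own code: a notice whose subject and body carry only random text slips past a keyword filter, while the static name of the replacement attachment still identifies it. The keyword list, the addresses and the sample message are constructed for illustration; `mailsecurity.txt` is the filename from the BANNAME line above.

```python
from email.message import EmailMessage

BANNED_NAMES = {"mailsecurity.txt"}               # filename given in the thread
BODY_KEYWORDS = ("virus", "infected", "removed")  # hypothetical keyword filter


def attachment_names(msg):
    """Lower-cased filenames of every MIME part that declares one."""
    return [p.get_filename().strip().lower()
            for p in msg.walk() if p.get_filename()]


def keyword_hit(msg):
    """True if the subject or plain-text body contains an AV-notice keyword."""
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")
    return any(k in text.lower() for k in BODY_KEYWORDS)


def banned_attachments(msg):
    """Attachment names that match the static ban list (case-insensitive)."""
    return [n for n in attachment_names(msg) if n in BANNED_NAMES]


def build_notice(filename):
    """Constructed sample: random body text plus a replacement attachment."""
    m = EmailMessage()
    m["From"] = "gateway@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Re: hello"
    m.set_content("kqz vbnw tyrl mmpo\n")           # random content, no AV wording
    m.add_attachment("placeholder text\n", filename=filename)
    return m


if __name__ == "__main__":
    for name in ("mailsecurity.txt", "MailSecurity.TXT", "report.txt"):
        msg = build_notice(name)
        print(name, "keyword:", keyword_hit(msg),
              "banned:", banned_attachments(msg))
```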
