In version 2.0+ ALLOWVULNERABILITIESFROM option instructs Declude Virus to allow vulnerabilities from a specific E-mail address or domain.
Details: A line such as ALLOWVULNERABILITIESFROM @ual.com will force Declude Virus to bypass vulnerability detection if an E-mail is sent from @ual.com. This works with a partial match on the return address, so just "ual.com" would also match "[EMAIL PROTECTED]". "Allowing a user to send vulnerabilities" Occasionally, legitimate mailers will send out E-mails with vulnerabilities. Usually, they stop doing so quickly, as any up-to-date mailserver virus scanner should block their E-mail. The best thing to do if this happens is to contact the sender, and get them to fix the problem. However, in the rare cases where this is not possible, you can instruct Declude Virus to allow the user to send vulnerabilities. To do so, you can add a line such as "ALLOWVULNERABILITIESFROM [EMAIL PROTECTED]" to your Imail Declude virus.cfg file. In this case, it would allow any vulnerabilities from [EMAIL PROTECTED], while not allowing detected viruses from [EMAIL PROTECTED] That means that a virus not using any mailserver AV vulnerabilities would get caught, but a virus that does use a mailserver AV vulnerability might not be caught. This is a big risk, but there is no risk-free way to allow someone to send potentially dangerous E-mail. David B www.declude.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Thursday, March 24, 2005 3:13 PM To: [email protected] Subject: [Declude.Virus] BANCRVIRUSES OFF for 1 Domain Hello, All, An e-mail hosting customer is complained because some e-mails were blocked by Declude AV with the "Outlook 'Boundary Space Gap' Vulnerability". I know we can use "BANCRVIRUSES OFF" in \IMail\Declude\virus.cfg to turn this off but I also assume that this will turn it off for all domains. Is there a way to turn these off for one domain or set of domains? We are currently running Declude 1.82. Thanks In Advance, Dan Geiser [EMAIL PROTECTED] ------------------------------------------------------------------- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. __________ NOD32 1.1034 (20050324) Information __________ This message was checked by NOD32 antivirus system. http://www.nod32.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
