I am confused as to how this would work, as BANEXT RAR in EVA will hold those files regardless of the weight.
Has anyone worked out a way to ban small RAR files that would contain the virus, and pass large RAR files that most likely would not? I'm trying to find a work around until Declude figures out how to detect encrypted RAR files. Right now I'm banning all RAR files, then have to go in and manually re-submit the legitimate RAR files that my customers are sending. Gary -------- Original Message -------- > From: "David Barker" <[EMAIL PROTECTED]> > Sent: Friday, April 27, 2007 5:52 PM > To: declude.virus@declude.com > Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude > failures > > You may be able to do something with the MSGSIZE test in conjunction with > AVAFTERJM ON eg. > > SIZE-10MB msgsize 10240 x -50 0 > > David Barker > VP Operations | Declude > Your Email Security is our business > O: 978.499.2933 x7007 > F: 978.988.1311 > E: [EMAIL PROTECTED] > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary > Steiner > Sent: Friday, April 27, 2007 4:25 PM > To: declude.virus@declude.com > Subject: RE: [Declude.Virus] More info about encrypted RAR virus and Declude > failures > > It's not that difficult. The legitimate messages with rar attachments are > big (usually 10MB and up) so it's not hard to separate them from the image > spam and common viruses being held in the virus directory. > > As mentioned by Craig in an earlier post, it would be nice if Declude added > the capability to skip banning on files of large size. > > > > -------- Original Message -------- > > From: "John T \(lists\)" <[EMAIL PROTECTED]> > > Sent: Friday, April 27, 2007 3:56 PM > > To: declude.virus@declude.com > > Subject: RE: [Declude.Virus] More info about encrypted RAR virus and > > Declude failures > > > > > Until Declude resolves the issue with BANEXT EZIP, I've had to ban > > > all rar files. Unfortunately some of my customers regularly send > > > rar attachments, so I've had to check the virus hold directory on a > > > regular basis and manually resubmit any false positives there. > > > > > > Gary > > > > Instead of manually checking for legit files, use the BANEXT.eml file > > to send a postmaster message that you get and/or the recipient and/or > > sender get and that notice can be reviewed a lot easier than manually > > checking the hold directory. > > > > John T > > > > > > > > > > --- > > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > > just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > > > > > > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, just > send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.