that is great to know, I will experiment with the filename= value.
Good point on the log file, however if the message and attachment have
already gone to NULL, it's gone forever and may never have been a virus
infected message or file at all.
At 05:58 PM 05/14/2000 -0400, you wrote:
>April,
>
>Your log files keep a pretty accurate record of all SMTP activity and when a
>message gets sent to NULL, both the sender and recipient addresses get
>logged. I do it that way so I don't have to keep up with a mailbox that may
>get 1000's of msgs a day. Plus, I didn't want to worry about the Imail
>utility to automatically propigate my users mailboxes with .fwd files. The
>rules I currently have setup are:
>
>S~ILOVEYOU:NUL
>S~LOVELETTER:NUL
>B~kindly check the attatched LOVELETTER coming from me.:NUL
>B~filename=".*\.vbs":NUL
>B~filename="AE.KAK":NUL
>
>The "filename" I am told distinguishes the msg from the attatchment. Not
>sure if this is accurate though.
>
>
>
>----- Original Message -----
>From: april <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Sunday, May 14, 2000 11:53 AM
>Subject: [IMail Forum] Filtering for Viruses
>
>
>> I created a rule within the IMail Administrator - not using an external
>file. It looks only at the body text:
>>
>> \.vbs
>>
>> and another rule \.exe
>>
>> I do NOT fwd to NUL because I want to know WHO sent a virus, IF it was
>indeed a virus etc. So I forward to a mailbox called suspect. We usually
>help our customers to notify the person who sent the virus that they are
>infected.
>>
>> Worse - Imail seems to improperly handle the rules sometimes if there is
>ANY kind of attachment. This is even mentioned in the IMail manual, I
>beleive. It may falsely trigger the rule if there is an attachement.
>>
>> It would be an excellent feature if IMail would add the ability to filter
>by characters or patterns in the attachment file name... why no field for
>this???
>>
>> My filter is triggered by all discussions OF the .vbs viruses but I can
>live with this... it sure would be nice to be able to surgically target only
>actual attachments.
>>
>> Anyway, what I do is drop a suspect.fwd file into every user folder for
>every virtual domain...leading to a single suspect mailbox which I pop.
>There is no message left in the user's box area. If I determine that the
>mail didn't contain a virus, I transfer it into the users box.
>>
>> I would really advise against forwarding to NUL, unless your rule is of a
>type that cannot be falsely triggered.
>>
>> Given that all email borne viruses could be stopped at the server level,
>if only we had the ability to filter all executables out reliably - I think
>IMail and all mail server software providers should make this available
>ASAP!
>>
>> - April
>>
>>
>>
>>
>>
>>
>> Please visit http://www.ipswitch.com/support/mailing-lists.html
>> to be removed from this list.
>>
>
>Please visit http://www.ipswitch.com/support/mailing-lists.html
>to be removed from this list.
>
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
