April,

Your log files keep a pretty accurate record of all SMTP activity, and when a
message gets sent to NULL, both the sender and recipient addresses get
logged. I do it that way so I don't have to keep up with a mailbox that may
get 1000's of msgs a day. Plus, I didn't want to worry about the IMail
utility to automatically propagate my users' mailboxes with .fwd files. The
rules I currently have set up are:

S~ILOVEYOU:NUL
S~LOVELETTER:NUL
B~kindly check the attatched LOVELETTER coming from me.:NUL
B~filename=".*\.vbs":NUL
B~filename="AE.KAK":NUL

The "filename", I am told, distinguishes the msg from the attachment. Not
sure if this is accurate though.



----- Original Message -----
From: april <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, May 14, 2000 11:53 AM
Subject: [IMail Forum] Filtering for Viruses


> I created a rule within the IMail Administrator - not using an external
> file. It looks only at the body text:
>
> \.vbs
>
> and another rule \.exe
>
> I do NOT fwd to NUL because I want to know WHO sent a virus, IF it was
> indeed a virus etc. So I forward to a mailbox called suspect. We usually
> help our customers to notify the person who sent the virus that they are
> infected.
>
> Worse - IMail seems to improperly handle the rules sometimes if there is
> ANY kind of attachment. This is even mentioned in the IMail manual, I
> believe. It may falsely trigger the rule if there is an attachment.
>
> It would be an excellent feature if IMail would add the ability to filter
> by characters or patterns in the attachment file name... why no field for
> this???
>
> My filter is triggered by all discussions OF the .vbs viruses but I can
> live with this... it sure would be nice to be able to surgically target only
> actual attachments.
>
> Anyway, what I do is drop a suspect.fwd file into every user folder for
> every virtual domain...leading to a single suspect mailbox which I pop.
> There is no message left in the user's box area. If I determine that the
> mail didn't contain a virus, I transfer it into the user's box.
>
> I would really advise against forwarding to NUL, unless your rule is of a
> type that cannot be falsely triggered.
>
> Given that all email-borne viruses could be stopped at the server level,
> if only we had the ability to filter all executables out reliably - I think
> IMail and all mail server software providers should make this available
> ASAP!
>
> - April
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
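
Added example, not part of either message and not IMail functionality: a Python sketch of the attachment-name filter April asks for, set against the body-text rule \.vbs from the thread. The sample messages, the blocked-extension list and all function names are constructed for illustration, and searching the raw message text is a simplified stand-in for how a body rule matches.

```python
import re
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions to hold for review.
BLOCKED_EXT = re.compile(r"\.(vbs|exe)$", re.IGNORECASE)
# The body-text rule quoted in the thread.
BODY_RULE = re.compile(r"\.vbs", re.IGNORECASE)


def body_rule_hits(msg):
    """Simplified body rule: search the raw message text for the pattern."""
    return bool(BODY_RULE.search(msg.as_string()))


def blocked_attachments(msg):
    """Return declared attachment filenames whose final extension is blocked."""
    hits = []
    for part in msg.walk():
        # get_filename() reads the Content-Disposition filename and falls
        # back to the Content-Type name parameter.
        name = part.get_filename()
        if name and BLOCKED_EXT.search(name.strip()):
            hits.append(name)
    return hits


def route(msg):
    """Hold matches in a review mailbox rather than discarding them to NUL."""
    return "suspect" if blocked_attachments(msg) else "deliver"


def make_discussion():
    """Constructed sample: a message that only talks about .vbs files."""
    m = EmailMessage()
    m["Subject"] = "Filtering for Viruses"
    m.set_content("Has anyone written a rule that catches .vbs attachments?")
    return m


def make_attachment_sample():
    """Constructed sample: harmless bytes under a double-extension name."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="NOTE.TXT.vbs")
    return m
```

The discussion message trips the body rule but is delivered by the filename check, while the double-extension attachment is routed to the suspect mailbox.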
