I created a rule within the IMail Administrator - not using an external file. It looks
only at the body text:
\.vbs
and another rule \.exe
I do NOT fwd to NUL because I want to know WHO sent a virus, IF it was indeed a virus
etc. So I forward to a mailbox called suspect. We usually help our customers to notify
the person who sent the virus that they are infected.
Worse - Imail seems to improperly handle the rules sometimes if there is ANY kind of
attachment. This is even mentioned in the IMail manual, I beleive. It may falsely
trigger the rule if there is an attachement.
It would be an excellent feature if IMail would add the ability to filter by
characters or patterns in the attachment file name... why no field for this???
My filter is triggered by all discussions OF the .vbs viruses but I can live with
this... it sure would be nice to be able to surgically target only actual attachments.
Anyway, what I do is drop a suspect.fwd file into every user folder for every virtual
domain...leading to a single suspect mailbox which I pop. There is no message left in
the user's box area. If I determine that the mail didn't contain a virus, I transfer
it into the users box.
I would really advise against forwarding to NUL, unless your rule is of a type that
cannot be falsely triggered.
Given that all email borne viruses could be stopped at the server level, if only we
had the ability to filter all executables out reliably - I think IMail and all mail
server software providers should make this available ASAP!
- April
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
