Hi, I'm using IMail Server v. 6.05 and have been using some global filters (rules.ima in the IMail folder) to redirect messages with suspect file extensions for all my users to a single "virus" account (all users have a quarantine.fwd file which points to "virus"). These rules have the syntax B~(name=".*\pvbs|name=".*\pshs|name=".*\pscr):quarantine B~(Begin 666.*\pvbs|Begin 666.*\pshs|Begin 666.*\pscr):quarantine The first rule filters MIME attachments, characterized by the string name="filename.ext" while the second rule filters Uuencoded attachments, characterized by the string Begin 666 These rules had been working well in testing, yet I received yesterday's IMail Listserve Digest containing the Kournikova worm despite the rule. Further testing seems to indicate that the rules will not work if the filtered string occurs past a point about 25K - 30K into a message (as was the case with this worm-laden Digest). I'm wondering if anyone could confirm (or refute) this apparent flaw in rules filtering? Michael -- Michael Ernst Computer Systems Administrator The Woods Hole Research Center http://www.whrc.org -- Webmaster Instituto de Pesquisa Ambiental da Amazonia http://www.ipam.org.br Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
