To anyone using global rules for filtering attachments, we have added a
couple of extensions to include the Sircam worm, which is carried in
attachment payloads with the extensions com, bat, lnk & pif.
Our global rules now look like this:
B~(name=".*\.ext1"\s|name=".*\.ext2"\s|name=".*\.ext3"\s|...and so on):quarantine
B~(begin 6.*\.ext1\s|begin 6.*\.ext2\s|begin 6.*\.ext3\s|...and so on):quarantine
where extn = vbs,shs,scr,pif,exe,com,bat,lnk
As documented in the Knowledgebase, these rules send all filtered messages to
the folder "quarantine," and each user has a forward file that sends all
quarantine messages to the "virus" account, which is monitored for false
positives (rare in our experience).
As always, testing is advised. User discretion advised. Your mileage may
vary.
Michael
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
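
An added example, not part of the original post and not IMail's own rule engine: the two rule templates above expanded over the listed extensions with Python's `re` and run against constructed message bodies. Case-insensitive matching, the function names and the sample bodies are assumptions of this example; IMail's own matching may differ.

```python
import re

# Extension list from the post.
EXTENSIONS = ["vbs", "shs", "scr", "pif", "exe", "com", "bat", "lnk"]


def build_patterns(extensions):
    """Expand the post's two rule templates over the extension list."""
    alt = "|".join(re.escape(e) for e in extensions)
    # MIME form: name="<anything>.<ext>" followed by whitespace.
    mime = re.compile(r'name=".*\.(?:%s)"\s' % alt, re.IGNORECASE)
    # uuencode form: "begin 6<anything>.<ext>" followed by whitespace.
    uu = re.compile(r"begin 6.*\.(?:%s)\s" % alt, re.IGNORECASE)
    return mime, uu


def classify(body, extensions=EXTENSIONS):
    """Return ('quarantine', rule) or ('deliver', None) for a message body."""
    mime, uu = build_patterns(extensions)
    for rule, pattern in (("mime-name", mime), ("uuencode-begin", uu)):
        if pattern.search(body):
            return "quarantine", rule
    return "deliver", None


# Constructed sample bodies (not real mail).
SAMPLES = {
    # Double extension: only the final extension decides the match.
    "mime_double_ext": 'Content-Type: application/octet-stream;\r\n'
                       '\tname="budget.doc.pif"\r\n',
    # 'name="' is a substring of 'filename="', so this header matches too.
    "disposition_only": 'Content-Disposition: attachment; '
                        'filename="setup.EXE"\r\n',
    "uuencoded": "begin 644 notes.bat\n(data)\nend\n",
    "benign_pdf": 'Content-Type: application/pdf; name="budget.pdf"\r\n',
    # Ordinary prose that happens to fit the uuencode template.
    "prose_false_positive": "We begin 6 tests on setup.exe today.\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify(body))
```

The last sample is the kind of false positive the monitored "virus" account exists to catch: body text that fits the `begin 6...` template without being an attachment.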