Here is what I finally discovered:
Let me take the example of filtering the files with com extension.
I have the rule like this (without + signs):
         B~n+ame=".*\.c+com":Virus
Now this rule will catch all the mails with com file attachments.
This rule looks for the text n+ame=" then followed by any no. of characters,
then a dot followed by com and double quotes.
Now the inherent problem:
If I send a mail with the following text:
        any text here
        name="any text again here" then other text
        some here too
        finally it has to end somewhere "somedomain.c+om" bla bla
        ok

(plus sign inserted for this message to get through)

This is caught by the rule and thus sent to the virus box!!!
Obviously because the text name=" is somewhere followed by the text .c+om".

If you have a look at the messages that are in HTML format, this type of
combination in the text (HTML code) is very common and thus the mails which
are free from any com attachments also get filtered with this rule.

Does anyone have any suggestions for the improvement of this rule so that
legitimate mails do not get filtered out?
__________________
Ajay Tikoo
Zerowait Computers Inc.
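
An added example, not part of the original post: the over-match described above, reproduced with Python's `re` module next to a tightened pattern whose quoted value may not contain a quote or a line break. The `DOTALL` flag, the sample bodies and the assumption that the mail server's rule engine accepts a negated character class are all assumptions made for illustration.

```python
import re

# Rule from the post with the plus signs removed. DOTALL is an assumption that
# models the reported behaviour: the match runs across several body lines.
LOOSE = re.compile(r'name=".*\.com"', re.DOTALL)

# Tightened variant (illustrative, not IMail rule syntax): the quoted value may
# not contain a quote or a line break, so the match stays inside one value.
# IGNORECASE is an extra, so that NAME="X.COM" is treated the same way.
STRICT = re.compile(r'name="[^"\r\n]*\.com"', re.IGNORECASE)

# Constructed sample bodies.
HTML_MAIL = (
    'any text here\n'
    'name="any text again here" then other text\n'
    'some here too\n'
    'finally it has to end somewhere "somedomain.com" bla bla\n'
    'ok\n'
)
ATTACHMENT_MAIL = (
    'Content-Type: application/octet-stream; name="update.com"\n'
    'Content-Disposition: attachment; filename="update.com"\n'
)
HTML_ANCHOR = '<a name="top" href="http://www.example.com">home</a>\n'


def flagged(pattern, body):
    """Return True when the rule pattern would fire on this message body."""
    return pattern.search(body) is not None


def report():
    """Map each sample to (loose rule fired, strict rule fired)."""
    samples = {
        "html_mail": HTML_MAIL,
        "attachment": ATTACHMENT_MAIL,
        "html_anchor": HTML_ANCHOR,
    }
    return {name: (flagged(LOOSE, body), flagged(STRICT, body))
            for name, body in samples.items()}


if __name__ == "__main__":
    for name, (loose, strict) in report().items():
        print(f"{name:12} loose={loose} strict={strict}")
```

An HTML attribute whose own value ends in .com would still match the tightened pattern; restricting the rule to the Content-Type or Content-Disposition header line narrows it further.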
