>Recently, my Imail server has detected two worms, they are:
>W32.Klez.E@mm and
>W32.Magistr.24876@mm
Are these worms ON your server, or worms that were sent to/from one of your
users?
If they are worms on your server, you've got a lot of work ahead of you
(first of all is determining how you got infected).
>Knowing that these worms spread by .HTM files, I banned it in my Imail
>Config File.
Actually, I don't believe either of those viruses spreads with .HTM
files. But either way, banning .HTM files through IMail rules is very
tricky (you have to be careful not to prevent HTML MIME segments, or you'll
lose most of your E-mail, because Outlook will send a copy of the E-mail in
HTML even if there is no HTML in the E-mail).
>The next day, most of my users complained that they cannot receive mail
>from others and vice versa.
It sounds like you were catching all the HTML MIME segments, as well as
.HTM files.
>My questions are :
>1. Is all this problem caused by the worms? If yes, how to solve it?
We'll need more information about the problem. Since some of the worms
were detected, but not all, it sounds like you have a worm running on the
server that is sending out .HTM files, is that the problem?
>2. Is all this problem caused by .HTM ban?
Probably. Most E-mail has HTML in it, even if it is a plain text
message. For example, almost every E-mail that I send is just plain text
(I type in words, I never underline or bold or "colorize" or anything
else), but if I was using Outlook it would still send an HTML copy.
>3. How can I make IMail resend all my messages which I cut and pasted
>into spool folder from virus folder?
That isn't going to be easy. You'll need to rename them to begin with a
"D" and end with ".SMD", and create a matching Q*.SMD file that is in the
correct format (it's undocumented, but easy to figure out if you look at
other Q*.SMD files).
At least you didn't delete all the mail. I got a nasty E-mail yesterday
from someone who was mad that I didn't respond to him in two weeks, but the
problem is that the E-mail I sent him was deleted on his server. Now I
have to either forget about the customer, or play games sending shorter and
shorter E-mails until they bypass his filter (which is what I'm trying to do).
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---
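
The distinction drawn in the reply above, between an HTML MIME segment of the message body and an attached .HTM file, shown as an added example (not part of the original post, and not IMail or Declude rule syntax). It uses Python's standard `email` package; the function names, the extension list and both sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: the extensions the administrator wants to ban as attachments.
BANNED_EXTENSIONS = (".htm", ".html")

def naive_match(raw: bytes) -> bool:
    """Over-broad rule: fires on any HTML content, including body segments."""
    msg = message_from_bytes(raw, policy=policy.default)
    return any(p.get_content_type() == "text/html" for p in msg.walk())

def html_attachments(raw: bytes) -> list[str]:
    """Return filenames of attached .HTM/.HTML files, ignoring HTML bodies."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # The HTML copy of a message body carries no filename; only a part
        # that names a file ending in a banned extension is reported.
        name = part.get_filename()
        if name and name.lower().endswith(BANNED_EXTENSIONS):
            hits.append(name)
    return hits

def build_samples() -> tuple[bytes, bytes]:
    """Two constructed messages: HTML body copy only, and a real .HTM file."""
    body_only = EmailMessage()
    body_only["Subject"] = "plain note"
    body_only.set_content("Hello, see you Monday.")
    body_only.add_alternative(
        "<html><body>Hello, see you Monday.</body></html>", subtype="html")

    with_file = EmailMessage()
    with_file["Subject"] = "attached page"
    with_file.set_content("File attached.")
    with_file.add_attachment(b"<html></html>", maintype="text",
                             subtype="html", filename="Page.HTM")
    return body_only.as_bytes(), with_file.as_bytes()

if __name__ == "__main__":
    for label, raw in zip(("body_only", "with_file"), build_samples()):
        print(label, "naive:", naive_match(raw),
              "attachments:", html_attachments(raw))
```
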