> Problem was, he wasn't counting on his filter >catching legitimate mail because other words contained the same pattern >(example would be an e-mail with the word Reliancesoft getting caught >because of letters 5 thru 9).
That is funny, I did something like this last week.. trying to filter file attachments with rules.ima Imails mail filters are very stupid for things like that. tried to stop some common executable files. .pif .scr .com and .bat etc.. etc.. only problem was that any email sent with an email address in the body was bounced because of the ".com" in the body.. (Think email footer), .bat was caught by someone with a name like joe".bat"[EMAIL PROTECTED] You get the picture. I thought I was doing it wrong until one of the techs at ipswitch mailed me copies of a rules.ima file that it listed exactly like i did. Lucky for me I didn't delete the mail but had it re-directed to me (just in case). When I got 50 emails within the first 2 minutes I realized it was producing false positives. -----Original Message----- From: Curtis Faulkner [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 5:02 PM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] ScanMail Message: To Recipient Match eManager setting and take action. Let me present a scenario: There once was an admin (actually there have been many) who had used a e-mail filter to attempt to stop a company's confidential information leaks on the outbound path (which is what this looks like to me). Unfortunately, the poor fella didn't pay attention to the limitations of his filtering package, which wasn't meant for any kind of AI scanning, only pattern recognition. He set it to bounce all mail containing the unique name of a secret project, let's call it Ances) and notify the recipient that the mail bounced (thus, in his eyes, making any willing recipient of confidential information somewhat leery of further attempts). Problem was, he wasn't counting on his filter catching legitimate mail because other words contained the same pattern (example would be an e-mail with the word Reliancesoft getting caught because of letters 5 thru 9). I don't know how Trend's product does its content filtering, but if this type of scenario is possible, it could just be the mail admin trying to send a message to the list. Maybe if that is the case, they will sign up for a free-mail account somewhere, subscribe that account, and e-mail from there if they think this list can help somehow. Then again, I could be (and usually am) completely off-target. -Curtis On Friday, December 20, 2002, at 03:51 PM, John Tolmachoff wrote: >> It seems that someone is running a poorly designed spam filter of some >> sort, that has caught several messages here. > > Trend Micro ScanMail for Exchange Server. > > John Tolmachoff MCSE, CSSA > IT Manager, Network Engineer > RelianceSoft, Inc. > Fullerton, CA 92835 > www.reliancesoft.com > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > --- > [This E-mail scanned for viruses by Declude Virus] > --- [This E-mail scanned for viruses by Declude Virus] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
