Has someone run the testvirus.org tests against imail too?
(http://www.testvirus.org)

AFAIK, Declude Virus blocks them all.

They have a suite with 25 virus-tests and we did two test runs:

imail (mxguard/fprot): 5, 20, 21, 22, 23, 24, 25

imail (viruswall): 5, 17, 20, 21, 23, 24, 25

Interesting. This is why it is important to either buy AV software from companies with a lot of E-mail experience, or accept any limitations in other software. No offense is intended to the other products, but if they can't catch a known mailserver vulnerability, new viruses will slip through undetected until the actual program is updated (even if the AV engine is aware of the virus). So it could be weeks or even longer before they start to detect a new virus, rather than just hours. It takes much, much longer to re-write a MIME decoder than it does to add virus definitions for a single virus (that's assuming that the MIME decoder is their own, and they aren't just licensing someone else's, which they may not have access to the source of).


The numbers are showing the failed tests. (20 - 23 are viruses in .zip
files; these could be blocked easily by a delivery rule)

Actually, you are wrong about 20-23! Although those files technically contain .ZIP files, they may not be visible by a filter/rule. The problem with those tests is that they contain vulnerabilities, and if the vulnerability cannot be detected, the virus usually cannot either. You would need to have a thorough understanding of the vulnerability to know whether or not it could be blocked with a filter/rule.


I do not completely understand tests 24 and 25; has anyone got to block
them?

#24 is a recently discovered vulnerability that takes advantage of an old protocol to bypass mailserver virus scanning. In the old days, after people started sending files through E-mail but while E-mails were limited to 50K each, a protocol was developed that allowed people to split attachments among several E-mails. This was great at the time, but since there is no realistic size limitation to E-mail these days (aside from policies), there is no need for splitting up attachments among multiple E-mails. Since they bypass mailserver virus scanners, they need to be blocked as a vulnerability.


#25 will force Windows to use a specific program to open a file. The filename appears as something like "filename.txt.{CLS_ID_GOES_HERE}". Windows will display the filename as "filename.txt", but start some other program to run it. So you can have an executable file that appears to be a safe .txt file. Because of this, these E-mails really should be blocked (although this one isn't quite as important, as a known virus will be caught as soon as virus definitions are updated, unlike the other vulnerabilities).


-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
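
An added example, not part of the original post and not Declude's code: a gateway-side check for the two conditions described for tests #24 and #25. It assumes the attachment-splitting protocol is MIME message/partial (RFC 2046); the function name scan, the sample messages and the all-zero CLSID are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Filename ending in ".{CLSID}": Windows hides the suffix and uses it to pick the handler.
CLSID_EXT = re.compile(r"\.\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\s*$")

# Constructed sample: first fragment of a split message (the #24 case).
PARTIAL_MSG = (
    "From: a@example.com\n"
    "MIME-Version: 1.0\n"
    'Content-Type: message/partial; id="abc@example.com"; number=1; total=2\n'
    "\n"
    "Content-Type: application/octet-stream\n\nAAAA\n"
)

# Constructed sample: attachment whose name ends in a placeholder CLSID (the #25 case).
CLSID_MSG = (
    "From: a@example.com\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n\nhello\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="readme.txt.{00000000-0000-0000-0000-000000000000}"\n'
    "\nAAAA\n"
    "--b1--\n"
)

# Same message with an ordinary filename, used as the negative case.
CLEAN_MSG = CLSID_MSG.replace(".{00000000-0000-0000-0000-000000000000}", "")


def scan(raw):
    """Return a list of findings for one raw RFC 822 message."""
    msg = message_from_string(raw, policy=default)
    findings = []
    for part in msg.walk():
        # A fragment cannot be scanned on its own, so treat the type itself as the finding.
        if part.get_content_type() == "message/partial":
            findings.append("fragmented-message")
        name = part.get_filename()
        if name and CLSID_EXT.search(name):
            findings.append("clsid-extension:" + name)
    return findings


if __name__ == "__main__":
    for label, raw in (("partial", PARTIAL_MSG), ("clsid", CLSID_MSG), ("clean", CLEAN_MSG)):
        print(label, scan(raw))
```
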

