|
A couple of people have been asking me how to
stop AVP from sending virus warning messages to the forged sender address that
the MyDoom virus claims to come from.
This is a reminder that at present, the way one
does this is to add the virus name, as it appears in the generated scanning
engine output, to the list of "Virii that Forge Return Addresses" pull down list
on the "Scan Engine" tab in the AVP Control Panel.
For instance, if you are using the
eTrust virus scanning engine, you will notice that the warning message
"details" information that appears in the body of the warning message generated
by AVP looks like this:
----->
eTrust EZ Antivirus Version
6.1.1.2
Started scanning: 8:37:05 AM, 2/4/04 Major dat file v4008 Minor dat file v5201 Macro data file Feb 4 2004 (VMD Ver 1.6) Scanning file(s)... AVP64DD.tmp - ZIP.Mydoom.A worm. AVP64DF.tmp - Win32.Mydoom.A worm. Finished scanning: 8:37:05 AM, 2/4/04 Number of files scanned: 2. Number of infections: 2 Number of infected files not cleaned/deleted/renamed: 2 AVP64DD.tmp (ZIP.Mydoom.A worm) AVP64DF.tmp (Win32.Mydoom.A worm) ------> Thus, if one adds "Win32.Mydoom.A" to the "Virii
that Forge Return Addresses" AVP config pull down list and click Apply, AVP will
no longer send warning messages to the "Return-Path" of record of infected
messages received by EMWAC IMS for this virus. This is highly recommended
to avoid confusion and to stop AVP from generating unnecessary e-mail warning
message traffic, typically to forged addresses.
-- Eric HElfgott
|
- AVP - reminder Zaxalon Webmaster
- Re: AVP - reminder Alan Fiebig
- RE: AVP - reminder Randy Brukardt
- RE: AVP - reminder Alan Fiebig
- Re: AVP - reminder Marco Antonio Peña Corona
- RE: AVP - reminder David Kosik
- Re: AVP - reminder Marco Antonio Peña Corona
- Re: AVP - reminder Zaxalon Webmaster
