Jeff and Matt,
Thanks for the advice, however I'm already blocking certain attachments (via
BANEXT). Also, these particular attachments aren't encrypted archives (I'm
blocking those too via BANEXT EZIP / BANEZIPEXTS ON). In this case the
virus itself appears to be Base64 encrypted.
I was kinda
Thanks for the advice, however I'm already blocking certain attachments (via
BANEXT). Also, these particular attachments aren't encrypted archives (I'm
blocking those too via BANEXT EZIP / BANEZIPEXTS ON). In this case the
virus itself appears to be Base64 encrypted.
The virus is listed as
Hi Scott,
Thanks for that clarification. That gives me some slight relief that McAfee
isn't completely falling down.
However, that brings to mind a different question. If Symantec thinks that
it's detecting E-mail headers generated by the virus and triggering on them,
then how come when I
Beginning using the banned extension option with Declude (see virus.cfg).
Then any attachment with a .SCR or whatever is blocked at the server level
and the user doesn't see it. This is the way I have our server configured
concerning banned file extensions and banned file names:
BANEXT
It's important to specify in this instance that in order to detect
encrypted archives (ZIP's or RAR's) one needs to be using the most
recent interim release, 1.79i9 and you can't be running Declude Virus
Lite (Scott would also mention having a current support contract).
I would add Mailpure's ANTI-AV filter to elinate these bounces.
I've also seen that F-Prot does a slightly better job of catching the corrupted
variants than Mcafee.
[EMAIL PROTECTED] 6/12 4:22p
Beginning using the banned extension option with Declude (see virus.cfg).
Then any attachment