You can increase the score for MICROSOFT_EXECUTABLE to something over your threshold, as a temporary measure. This catches new virus types before the AV vendors even know about them. It also prevents innocent executable attachments from going through, so a quarantine / review process is a good idea if you use it long term.
Pierre Thomson BIC -----Original Message----- From: Bill Randle [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 2:26 PM To: Martin Lyberg Cc: '[EMAIL PROTECTED]' Subject: Re: Bagle.B virus Martin Lyberg wrote: >Hi, > >Since a few hours back i'm recieving mails containing the new Bagle.B virus. >I'm using a RH9 box with Postfix and SA and relaying mail for a Exchange 5.5 >mailserver. > >The virusmail is spoofing our adressess. Virusmails are recieved from a >infected computer somewhere in the world. But the sender and recipient are >users in our directory. > >How can i reject these messages before they're relayed to our >Exchangeserver? > > Install ClamAV anti-virus software on the RH box. I use amavisd-new with Postfix to integrate virus scanning and spam filtering. Works great! -Bill
