I thought that AV false positives can occur with definitions for known virus names.  In other words, if a message gets tagged as Bagle, it might be legit 0.00001% of the time.  So would this really be a complete solution?

Matt



Colbeck, Andrew wrote:
Markus would find this handy (as would other die-hards who are often seen
to post in this forum) and would be willing to maintain a small list of
entries for which he would like this behaviour.

However, in addition to the FORGINGVIRUS DNS lookup feature that Declude
already implements*, perhaps they would be interested in also
implementing a DNS lookup feature for known virus names that customers
could just delete out of hand.

This would of course require ongoing maintenance on their part, and
trust from their customers.  Declude would provide a new switch to
govern this behaviour, which would default to OFF, e.g.

AUTODELETEKNOWNWORMS ON

Thus, Markus would be satisfied with being able to manually pick and
choose which virus families to delete, and administrators who want less
hands-on involvement could turn ON this feature to save disk space.

*The existing feature exists to skip email notification when the scanner
engine returns the name of a known virus/worm that Declude knows forges
the MAILFROM.  The FORGINGVIRUS xxxxx feature is a manual version of
this feature that lets the Declude customer add in more viruses.  As far
as I know, Declude.com does not keep a public list of the virus names
that they test for via DNS.  Please correct me if I'm wrong on any of
this.

Andrew 8)



  
-----Original Message-----
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]] On Behalf Of Markus Gufler
Sent: Wednesday, January 25, 2006 2:37 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Feature request: DELETEVIRUSNAME

Maybe someone has already requested it:

Why not allow commands like 

DELETEVIRUSNAME Netsky
DELETEVIRUSNAME Bagle
...

in the virus.cfg file?

I won't and can't delete all viruses on our server because 
there is always the possibility that a scanner is catching 
something as "suspicious" or "generic".

But commands to delete certain virusnames should be very easy 
to implement and allow us to eliminate > 95% of all hold 
viruses on our servers.

Markus

---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]

---
This E-mail came from the Declude.Virus mailing list.  To 
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.

    