This is why I am trying to find out why my rules are catching the SoBig and not the AV...If anyone can tell me how to verify def's are current in V7.10 please do...
I use Imail 8.0 and Mcafee Webshield 4.51R.
First I thought, that mcAfee is not catching SoBig, and Imail is catching them all.
Then I did some checking and it turned out, that McAfee did catch all Sobig, but because the action rule in McAfee was not to DELETE the infected emails but CLEAN them, McAfee deleted the content of the file attachment, made the size of the file zero, and let the remaining of the message through.
Since I changed the rules in Mcafee to delete(quarantine) all infected files, the messages still come through but without attachment, because the DELETE option in McAfee will delete only the attachment but not the whole message.
So now, Imail spam filter is still catching all sobig emails because the header information that contains the original info.
For the sake of people who hasn't looked at IPswitch's support pages recently, here is the link to a solution for filtering out Sobig virus infected emails and the similar return messages with Imail Spam Filter:
http://support.ipswitch.com/kb/IM-20030820-DF01.htm
Geza
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
