Then I did some checking and it turned out, that McAfee did catch all Sobig, but because the action rule in McAfee was not to DELETE the infected emails but CLEAN them, McAfee deleted the content of the file attachment, made the size of the file zero, and let the remaining of the message through.
FYI, it is STRONGLY recommended that mailserver AV programs do NOT deliver E-mails that have/had viruses. This can spread confidential information! For example, some viruses pick a file from the hard drive to send along with the attachment.
Since I changed the rules in Mcafee to delete(quarantine) all infected files, the messages still come through but without attachment, because the DELETE option in McAfee will delete only the attachment but not the whole message.
That's very odd. You should check the settings in McAfee. Unless you're running a really old version, it should be able to block them.
> For the sake of people who hasn't looked at IPswitch's support pages recently, here is the link to a solution for filtering out Sobig virus
> infected emails and the similar return messages with Imail Spam Filter: http://support.ipswitch.com/kb/IM-20030820-DF01.htm
FYI, beware that that URL says "THESE STEPS WILL BLOCK ALL SCR AND PIF FILE ATTACHMENTS" -- but that is *NOT* the case. It will block many, but not all (depending on both the encoding method used and the formatting of the headers).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
