In short, I recommend not using Anomy. I'd like for it to work and work well with minimal collateral damage.
I've actually kept Anomy in our filter, though under very limited circumstances:
If a virus is detected that is NOT a known mass-mailer (i.e. starts with "Worm.", ends with "@mm", or matches a small list of mass-mailers whose names don't fit the pattern), AND the message contains an HTML portion, then I run Anomy after quarantining the attachment. (If it *is* a mass-mailer, I just quarantine & discard the message.)
I'm not sure it's worth keeping around - I'm not sure it's even hit that function in ages, since there's no log directive associated with it - but it *does* avoid collateral damage.
Kelson Vibber
SpeedGate Communications <www.speed.net>
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang