The routing rules are blocking all/most unsafe attachments, ie; .com, .exe, .vbs, etc.. etc.. We have several rules for each type of attachment based on what we have seen slip through. One of the rules we had for .com was blocked mail because it trapped the persons email address as if it were an attachment, so we removed that particular rule. Now there are only 2 rules for .com instead of 3 like the others. My statement about .net or .org was that the only rule that could have been confused as a attachment was the .com. As for .net .org etc... these wouldn't even be in the routing rules.
Danny On 13/May/2002 19:34:39, Rodney Richison wrote: > Danny, I have not yet implemented the routing file. Before I do, could you > explain to me about the .net thing? I am, after all, <A >HREF="http://www.rcrnet.net";>www.rcrnet.net</A> :) > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, May 13, 2002 4:57 PM > Subject: [sambar] Removing Email Atcahments {07} > > > > hehe... very could question.. We elminated one of the .coms because it was > rejecting certain emails that contained. name= [EMAIL PROTECTED] > Hence the .com in the email address. Luckily we don't have to worry about > attachments for .org or .net :).. We only saw this on messages that were > forwarded that contained the previous email information embedded in the > body.. So far we haven't seen any other .com attachments slip through nor > any other valids get rejected. > > > > Beware though: We have found that certain versions of MS Outlook(not > outlook express) were sending email by default as a .doc attachment. As you > can see in the routing rules we are blocking .doc. The simple fix was to get > the user to change the default parm in their outlook to send as normal > mail.. Haven't seen this on newer version of OL, just some older ones. > > > > Danny > > > > On 13/May/2002 22:26:26, Claus Lund wrote: > > > Updated from 5.1prod to 5.2b2 and it solved the problem - exatly the > same problem with the maillist auto reply ;-) > > > > > > Just one more Q: > > > Why aren't there 3 lines with *name=*.com* in the routing.flt ? > > > > > > I realy love this routing.flt - seems be exatly what I have been > missing - specially after this klez thing is everywhere. > > > > > > Thanks a lot. Claus > > > > > > On 13/May/2002 14:31:08, [EMAIL PROTECTED] wrote: > > > > You need to update your sambar. I recall one of the versions was > garbling up the replyfile. > > > > > > > > Danny > > > > > > > > On 13/May/2002 20:51:46, Claus Lund wrote: > > > > > Great. > > > > > > > > > > But i have problems reading the reply and forward mails - and my > path in the routing.flt. Using Sambar webmail all I see in the body is Unnam > ed as a link - when I clik it it wont open. Using Outlook The body show > this: > > > > > > > > > > "v�wLj)CzX�z�.j)n���zf�-̬��j�ލ�-y֦z� > ���kazz-y��r*bz{]��hjs-z{bjYr�{ }歵�!T�� > > > > > > > > > > The inbox.fld show this: > > > > > > > > > > <start> > > > > > From [EMAIL PROTECTED] Mon May 13 20:30:15 2002 > > > > > X-UID32: 1021307713 > > > > > Return-path: [EMAIL PROTECTED] > > > > > Received: from 127.0.0.1 by mail.lundborg.dk (Sambar SMTPD); > > > > > id s20020513203015.89; Mon, 13 May 2002 20:30:15 > > > > > Date: Mon, 13 May 2002 20:30:15 +0200 > > > > > From: [EMAIL PROTECTED] > > > > > Subject: Auto-responder[claus2]: test3 > > > > > To: [EMAIL PROTECTED] > > > > > Reply-To: [EMAIL PROTECTED] > > > > > X-Mailer: <Sambar Server Mailer> > > > > > MIME-Version: 1.0 > > > > > Content-Type: text/plain; charset=ISO-8859-1 > > > > > Content-Transfer-Encoding: base64 > > > > > Status: R > > > > > > > > > > Mail Delivery Failure: > > > > > > > > > > The mail system has rejected your message due to a potentially > unsafe attachment. > > > > > <end> > > > > > > > > > > Any Ideas? > > > > > > > > > > Claus > > > > > > > > > > > > > > > > > > > > On 13/May/2002 11:21:08, [EMAIL PROTECTED] wrote: > > > > > > Some of us have already been working on blocking these with > routing rules and so far are testing as proven pretty succesful. If any of > you would like you can visit our website and obtain the routing.flt file and > reply/forward files. These are located under our tools/help section. Let me > know if any of you have any problems with them. > > > > > > > > > > > > <A HREF="http://www.cnsonline.com > > > > > > > > > > > > Danny > > > > > > > > > > > > On">http://www.cnsonline.com > > > > > > > > > > > > Danny > > > > > > > > > > > > On</A> 13/May/2002 07:02:26, Alex Broens wrote: > > > > > > > At 23:40 12.05.2002 Philip J. Newman wrote: > > > > > > > >Is there a way of removing email atachments from emails so i > can stop this > > > > > > > >virus's spreading across my network? > > > > > > > > > > > > > > Seem's you're infected already - to avoid you spamming the list > I've changed your status to read only. > > > > > > > > > > > > > > To be able to post, you will need to un-subscribe & re-subscribe > when you're clean. > > > > > > > > > > > > > > You may also want to set Sambar NOT to accept attachments with > the following endings: > > > > > > > > > > > > > > ..exe > > > > > > > ..dll > > > > > > > ..scr > > > > > > > ..pif > > > > > > > ..bat > > > > > > > ..com > > > > > > > ..lnk > > > > > > > ..vbs > > > > > > > ..eml > > > > > > > ..wsh > > > > > > > ..scp > > > > > > > > > > > > > > These are some of the typical worm carriers. > > > > > > > > > > > > > > <A HREF="http://www.symantec.com";>www.symantec.com</A> has a > great little Klez remover named "FixKlez.com" which may help you. > > > > > > > > > > > > > > Alex > > > > > > > > > > > > > > Alex > > > > > > > > > > > > > > ------------------------------------------------------- > > > > > > > To unsubscribe please go to <A TARGET="_blank" > HREF="http://www.sambar.ch/list/";>http://www.sambar.ch/list/</A> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > > > To unsubscribe please go to <A HREF="http://www.sambar.ch/list/ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ">http://www.sambar.ch/list/ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > </A> > > > > > > > > > > ------------------------------------------------------- > > > > > To unsubscribe please go to <A TARGET="_blank" > HREF="http://www.sambar.ch/list/";>http://www.sambar.ch/list/</A> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > To unsubscribe please go to <A TARGET="_blank" > HREF="http://www.sambar.ch/list/";>http://www.sambar.ch/list/</A> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > To unsubscribe please go to <A TARGET="_blank" > HREF="http://www.sambar.ch/list/";><A TARGET="_blank" >HREF="http://www.sambar.ch/list/</A>">http://www.sambar.ch/list/</A></A> > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > To unsubscribe please go to <A TARGET="_blank" >HREF="http://www.sambar.ch/list/";>http://www.sambar.ch/list/</A> > > > > > > > > > > > > > > > > ------------------------------------------------------- > To unsubscribe please go to <A TARGET="_blank" >HREF="http://www.sambar.ch/list/";>http://www.sambar.ch/list/</A> > > > > > > ------------------------------------------------------- To unsubscribe please go to http://www.sambar.ch/list/
