that i know
but if we had a skipifforgingvirus, we will only worry about updating
virus.cfg, instead of also having to change the emls when a new forging
virus appears
the freedom is not lost since you are not obligated to use
skipifforgingvirus, and still can do it the old way
but i don't like the fact to have to maintain all the emls where you may
forget one of the forging viruses, it can always be a source of errors
BTW Kami or others, how to use the skipifvirusnamedoesnothave ?
can we have many of those in the same eml ?
any examples ?
- Original Message -
From: Kami Razvan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 05, 2003 11:29 PM
Subject: RE: [Declude.Virus] FORGING VIRUS
Hi;
Just in case Scott is taking a day off...
The way we do this is by first adding:
FORGINGVIRUS Braid
FORGINGVIRUS Bridex
FORGINGVIRUS Bugbear
FORGINGVIRUS Hybris
FORGINGVIRUS Lentin
FORGINGVIRUS Klez
FORGINGVIRUS Magistr
FORGINGVIRUS Sobig
FORGINGVIRUS Vulnerability
FORGINGVIRUS Yaha
FORGINGVIRUS Fizzer
FORGINGVIRUS Palyh
To the virus.cfg
This will define which are forged therefore the email address of the
sender
is replaced by [forged] in the alert.
Then in the sender.eml and otherpostmaster.eml we have:
SKIPIFVIRUSNAMEHAS Yaha
SKIPIFVIRUSNAMEHAS Lentin
SKIPIFVIRUSNAMEHAS Magistr
SKIPIFVIRUSNAMEHAS Klez
SKIPIFVIRUSNAMEHAS Vulnerability
SKIPIFVIRUSNAMEHAS Bugbear
SKIPIFVIRUSNAMEHAS Bridex
SKIPIFVIRUSNAMEHAS Braid
SKIPIFVIRUSNAMEHAS Sobig
SKIPIFVIRUSNAMEHAS Palyh
So in essence I think what this does is it first replaces the forged email
and then if it is to send the alert it will skip it if it sees it.
Of course it would be more efficient if both actions where done by one
listing but I guess this way it gives you more freedom.
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Serge
Sent: Saturday, July 05, 2003 6:21 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] FORGING VIRUS
sorry if this is a trivial question, but is there a
skipifforgingvirus option ?
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe,
just
send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.The archives can be found
at http://www.mail-archive.com.