I've been trying to set up rules to stop or at least filter/monitor email
that has double extensions. For example the recent W32Badtrans virus which
has the double extension with either .scr or .pif. and the W32.Goner.1@mm
virus that has .scr.
How would I set up rules to scan the email body
Marc Archibald wrote:
...
How would I set up rules to scan the email body for attachments with double
extensions (e.g. file_name.doc.scr) and if it finds a match either Kill
it or send someplace where it can be viewed? I've tried what the KB
instructed but couldn't get it to work correctly.
Keep in mind that its perfectly legal to have periods in the 'filename'
portion of a filename.
What would you want done with a file named receipts.july.doc?
Another common one is www.yahoo.com.lnk.
-Scott
---
Declude: Anti-virus, Anti-spam