On Tuesday, December 21, 2004, 12:51:19 PM, Andrew wrote: CA> It sounds good to me, Pete.
CA> May I humbly suggest that this be a new result code, e.g. 046? Until CA> now, Message Sniffer has been very parsimonious with the new categories, CA> but this looks like one that will be here for a long time. I thought about making a new rule group for this, but talked myself out of it: 1. I don't want to give this group priority over other rules (lower symbol values get priority within a given scan). 2. Many bounces like this are already being captured by existing rules - especially those that include parts or (ghasp) all of the bounced message. 3. Many of the rules we will be coding will be dual-use... That is, when we get a bounce message that shows us the subject of the original, and the name of the file that was rejected (or some similar group of features) we will be coding a malware rule to block both the original content and the bounces --- rather than trying to code a good malware rule that avoids tagging bounces which is sometimes hard or impossible to do. -- After thinking about all of these it seems simpler and more consistent to code these rules inside the existing malware group. _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html