On Fri, 2004-01-09 at 09:56, Kang , Joseph S. wrote: > > We're being hit by MS security update emails. I know they're > > not spam, > > but rather more accurately described as virii or worms. > > > > However, I'm wondering if anyone has a good rule that will mark these? > > That's a good question. I got a few of those yesterday (day before?), too. > I was freaking out trying to figure out how they got through until I > remembered that they were over the 256K size limit for e-mails and bypassed > SA. :) > > Most people who've had these pass through SA have suggested upping the score > for e-mails with executables attached. Can't remember the exact rule. Try > searching the list archives. The discussions occurred yesterday.
This has been discussed here several times in the past. IIRC, the general consensus was that it was better to handle virus e-mail with an anti-virus scanner rather than SA. Personally, I just disallow executable attachments altogether (anything in the .exe, .pif, .vbs, etc. range). -- Frank Pineau Hey, you know those Roman hackers? Man, were they I III III VII!
signature.asc
Description: This is a digitally signed message part
