Thus spake Steve Platt <svp@???>:
>By the way, I should have mentioned something else about the Navidad.exe that
>got past our system_filter (because message_body_visible was too small).
>
We had that happen once recently, too.
I'm freezing questionable files (rather than bouncing them - politics),
although in general I'm letting .exe files through - ie I took exe out
of the system filter (by the way, it's WONDERFUL! we stopped over 50
discreet virus copies in two months).
I had to code a special rule to catch navidad.exe, but because of my
relative ignorance of how to write the regular expression right, I
couldn't quite get a "generic rule". Suppose I want to watch for
anti_cih.exe
avp_updates.exe
happy99.exe
navidad.exe
siecho-no-ie.exe
zipped_files.exe
(which all belong to known viruses) and let other .exe files through -
yet relatively painlessly add another .exe to the list when we have to
watch for one ?
Thanks in advance, Doug
--
Doug S. (doug@???) (
http://cc.ysu.edu/~doug/)
The shadow of a dog never bit anyone -- Kenneth Copeland
Stamp out html e-mails:
http://www.geocities.com/CapitolHill/1236/nomime.html