Steve Lamb said:
> Also I think anyone who isn't doing scanning with a virus scanner,
> both
> inbound and outbound, after SoBig and SWEN should forcably have their
> server
> removed from them, period. SoBig only ended because it was designed to
> end.
> SWEN is still hitting me for close to 200 a day that I haven't blocked.
> Who
> knows how many they're hitting me on the several hundred IPs I have
> blocked.
SWEN and SoBig never hit our virus scanner. It was blocked by other ACL's
before it got the chance to be scanned by ClamAV or even SpamAssassin.
We dont scan for stuff at our hub's either.
Just blocking attachments of obvious types will do wonders and eliminate
headaches.
I'm just waiting for the virus that comes in a password protected zip file
that includes the password in the body of the message with some Microsoft
warning that this needs to be used to protect your software.. :-)
--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums -
http://exim.got-there.com/forums
