On Fri, Dec 08, 2006 at 01:16:52PM -0500, Michael Sprague wrote:
[...]
> So I deny if a scam is matched but discard if it's a 'real' virus. The
> extra match condition in the deny acl currently just matches the
> 'Email...' sigs.
This (and the similar decision by the ClamAV people to
start including phishing mail that is *sent by* viruses,
as well as the viruses themselves, in their database) of
course risks the irritating side-effect that users then
can't report these mails to the responsible authorities
without jumping through idiotic hoops. Probably best to
make sure your configuration doesn't do that :-)
--
I stops when I'm requested, although it spoils the ride/
So he can shout `Get out of it, we're full right up inside'.
(Flanders and Swann, `A Transport of Delight')
