AW: [Mimedefang] Virus Handling
Martin Bene
martin.bene at icomedias.com
Thu Nov 28 02:46:01 EST 2002
Hi Rick,
> Good idea. I might do that since my logs show that the Klez virus
> outnumbers the rest by at least 100 to 1. Here is a sample
> line of perl
> which could be placed immediately before the action_bounce
> statement in
> routine filter:
>
> return action_discard() if $VirusName =~ /klez/i;
>
> or
>
> return action_discard() if $VirusName =~ /klez|bugbear/i;
Also worth looking at: if your virus scanner puts viruses into different
"classes", you might use the class name for your action; For example, in
Kaspersky AV all those self - propagating viruses are named "I-Worm.*"
(I-Worm.Klez.h, I-Worm.Tanatos, I-Worm.Lentin.g..).
$FoundVirus = ($category eq "virus" || $category eq "suspicious");
if ($VirusName =~ /^I-Worm\./) {
md_log('bounce virus',$VirusName, $RelayAddr);
return action_bounce("Nachricht ist mit einem selbst-versendenden
Virus befallen. Empfang administrativ gesperrt.");
}
Bye, Martin
More information about the MIMEDefang
mailing list