[pmmail-list] Complex filter for virus update

Kris Sorem Sr pmmail-list@blueprintsoftwareworks.com
Tue, 31 Jul 2001 01:49:12 -0700 (PDT)


On Mon, 30 Jul 2001 00:28:16 -0700, Dave in Phoenix AZ wrote:

>It caught some but not others but the wording looked correct.  I could not
>find any pattern or differences in what it caught and didn't.

Check the missed messages for a size greater than or equal to 134k. If
the message is smaller, it is not a SirCam infected message. Check the
missed messages for an attachment. If no attachment, it is not a
SirCam infected message. If the attachment doesn't have a double
extension, it is not a SirCam infected message.

>
>But I tried to make it simpler just to catch the one phrase.  The shorter
>version's record is about 20 hits, no errors so far.... they are slowing
>down...now that I have it so well automated to go to infected box (so I can
>be sure no errors) and send the auto text message.

Your simpler filter as posted will produce false positives and waste
both processor and filtering time. It will also miss valid SirCam
infected messages.

--
JMO,
/s/~Kris
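
The three elimination checks from the reply above, written out as an added example (not part of the original post, and not PMMail filter syntax). Assumptions: "134k" is read as 134 KiB of raw message size, a "double extension" is a filename ending in two short dot-suffixes, and the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# Assumption: "134k" is read as 134 KiB of raw (encoded) message size.
MIN_SIZE = 134 * 1024
# Assumption: "double extension" means the name ends in two short suffixes.
DOUBLE_EXT = re.compile(r"\.[A-Za-z0-9]{1,4}\.[A-Za-z0-9]{1,4}$")


def sircam_checks(raw):
    """Evaluate the three elimination checks on one raw RFC 822 message."""
    msg = message_from_bytes(raw)
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return {
        "size_ok": len(raw) >= MIN_SIZE,
        "has_attachment": bool(names),
        "double_extension": any(DOUBLE_EXT.search(n) for n in names),
    }


def failed_checks(raw):
    """Names of the checks that rule the message out; empty = not ruled out."""
    return [name for name, ok in sircam_checks(raw).items() if not ok]


def build_sample(filename, payload_len):
    """Constructed test message; filename=None means no attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body text")
    if filename:
        msg.add_attachment(b"\0" * payload_len, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = {  # all constructed, not real traffic
        "large, double extension": build_sample("report.doc.pif", 140 * 1024),
        "large, single extension": build_sample("report.doc", 140 * 1024),
        "small, double extension": build_sample("report.doc.pif", 1024),
        "no attachment": build_sample(None, 0),
    }
    for label, raw in samples.items():
        print(label, len(raw), failed_checks(raw) or "not ruled out")
```

Running a missed message through `failed_checks` shows which of the three conditions excluded it. An empty result only means the message was not ruled out; the checks eliminate non-SirCam mail and do not by themselves confirm an infection.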