On Wed, 27 Aug 2003, Salvatore Toribio wrote: > As you could read at > <http://www.sophos.com/virusinfo/analyses/w32sobigf.html> Sobig > usually send an attachment with one of these names: > >.... > > So you could add in your quarantine-attachments.txt file these lines > before the line that blocks pif files: > > movie0045.pif 0 Sobig Virus > wicked_scr.scr 0 Sobig Virus > application.pif 0 Sobig Virus > document_9446.pif 0 Sobig Virus > details.pif 0 Sobig Virus > your_details.pif 0 Sobig Virus > thank_you.pif 0 Sobig Virus > document_all.pif 0 Sobig Virus > your_document.pif 0 Sobig Virus
I've done this, but I also have: .pif 0 PIF files not allowed here due to ... It is detecting movie0045.pif as Sobig virus and not sending a reply, but it's detecting thank_you.pif as 'PIF files not allowed'. Is this file sorted before processing? I would have thought the less specific wild-cards would be matched last, but it seems this is not happening? Cheers. > (remember to use tabs no spaces) > > In this way the routine "valid_virus_to_report" will intercept them > and doesn't send a notification to the forged sender. > > Hope this helps. > > ST > > -- Mark Powell - UNIX System Administrator - The University of Salford Information Services Division, Clifford Whitworth Building, Salford University, Manchester, M5 4WT, UK. Tel: +44 161 295 5936 Fax: +44 161 295 5888 www.pgp.com for PGP key ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
