From: Obantec Support [mailto:[EMAIL PROTECTED] > > ok so its a virus on some else's PC but i see quite a few incoming > in the last week. my AV dropped the attached zip. > > so SA does not trap it, should i be looking at a procmail rule to > dump the emails.
SA does not intentionally try to catch viruses. If they look spammy enough, it will get them, but no special effort is made. Ideally, your AV program should reject (or drop) viruses. It is very unusual these days for a virus to hitch along with a valid message. Most of them send out their own messages. If your AV program marks the message somehow to indicate that it cleaned a virus, you can use procmail to detect that marker and dump the message. Alternately, you could have SA detect the AV marker and bump the score if you're paranoid about dropping mail. Bowie
