Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Auto-delete viruses with rules GW5.5

Status
Not open for further replies.
johnbb

johnbb

Technical User
Sep 1, 2003
2
GB
Due to many copies of Sobig-F I have tried to configure a rule to delete emails with certain types of attachments. I have seen this recommended in several articles. On our system, this rule does nothing (tried on different mailboxes). All other rules seem to work OK. The rule is as follows:
When new item is received, type is mail, conditions:

Include entries where ... Attachments contains '.pif' or Attachments contains '.scr' or Attachments contains '.vbs' or Attachments contains '.bat' or Attachments contains '.com'Include entries where ... Attachments contains '.pif' or Attachments contains '.scr' or Attachments contains '.vbs' or Attachments contains '.bat' or Attachments contains '.com'

Action is either "Delete/Decline.." or "Move to folder.."

I have tried *.pif and just pif in the conditions, but no luck. Any advice would be much appreciated.

 
Sort by date Sort by votes
Hi

I've tried this with a rule containing:

Attachments contain pif
Move to folder...

Works fine for me. Are there any other rules which may conflict with this? Have you tried just adding pif to the rule then gradually adding more conditions?

As a general point, it's much better to filter out viruses before they get to the mailboxes. there are a number of products which will do this. We use Mailsweeper ( which works great.

John
 
Upvote 0 Downvote
Thanks for your reply. I still have the problem when this is the only rule configured and with only one condition (pif), so I don't think there is a conflict.
I hope we will have filtering at the gateway in the longer term, but would like to do something in the short term.

 
Upvote 0 Downvote
If you can't get the attachment rule to work you could try a rule based on subject lines:
Re: That movie
Re: Wicked screensaver
Re: Your application
Re: Approved
Re: Re: My details
Re: Details
Your details
Thank you!

This will only work for sobig-f plus some variants, but if you're getting as many as us (our filter stops 4 per minute) it's well worth doing. You may get a few false positives; it's your call whether you think it's a fair price to pay.

John
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

lassaad2k
  • Locked
  • Question
Mdaemon Integration with AD
Replies
0
Views
1K
lassaad2k
lassaad2k
InMaine
  • Locked
  • Question
Help with relay issue
Replies
0
Views
74
InMaine
InMaine
atascoman
  • Locked
  • Question
Supporting a Novell environment, need help with user account/mailbox
Replies
1
Views
194
goombawaho
goombawaho
scottlm
  • Locked
  • Question
Groupwise Rules forwarding emails
Replies
3
Views
74
scottlm
scottlm
Spangberg
  • Locked
  • Question
Messages drops with "g_e_h: no sender and no recips."
Replies
0
Views
224
Spangberg
Spangberg

Part and Inventory Search

Sponsor

Back
Top