HOW TO: Dropping mass mailers

shannon.hagan
Level 1

You need to do this in the policy configuration (policyconfig --> Incoming or Outgoing --> filters) or you can do it in the GUI (Mail Policies --> Incoming/Outgoing Content Filters) since the X-IronPort-AV header doesn't get added until the virus checker runs. Remember to add the policy for all listeners.

Conditions:
header("X-IronPort-AV") == "(?i)almat|annil|atak|baba|bagle|bagz|bagz|bancban|banker|beaker|bigag|bkfraud|bobax|bofra|bugbear|bugbear|cissi|conycsp|crowt|dalixy|darby|delf|favsin|fightrub|graber|keylog|kipis|ldpinch|lydra|maslan|mimail|mydoom|netsky|pikis|plexeus|proba|prorat|pwslimir|rbot|salga|sharp|sobig|spabot|spyvb|stawin|text|torun|umbriel|vipgsm|wurmark|yaha|yanz|ybad|zafi|zonit|zoomen"

Actions:
drop()

Description:
Drop mass mailers from the system


As new mass mailers get added, you can add to the list.

It would also be nice if mass mailers were auto identified and you could take action on it in the mail policies like you do for repaired, encrypted, unscannable and virus infected messages.

2 Replies

ian_ironport
Level 1

I'm doing the same thing

header("X-IronPort-AV") == "v=\"W32/(Sober|Love?gate|Netsky|Bagle|Bugbear|Mytob|Gibe|MyDoom|Zafi|Bagz|Parite|Mabutu|Kipis|Nyxem|Yaha|Flcss|Sircam|Klez|Chir|Fizzer|Dumaru|Sobig)"

And the end-users love it. But it's a pain to update manually as new viruses hit the network. Anything to automate this would be great.

Jim243_ironport
Level 1

We have 12 IronPorts, so automation would be a wonderful thing.
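
Both replies ask for a way to stop hand-editing the family list. The following is an added example, not part of the original thread and not Cisco/IronPort code: a Python sketch that builds the filter condition from one maintained list so the same text can be pasted into every appliance. It assumes the filter's `==` performs an unanchored regex search (modelled here with Python's `re.search`); the family list, sample header values and function names are constructed for illustration.

```python
import re

# Constructed list; names are taken from the filters posted in this thread.
FAMILIES = ["Netsky", "Bagle", "bagle", "MyDoom", "Sobig", "Zafi", "Bugbear", "Bugbear"]

NAME_OK = re.compile(r"^[A-Za-z0-9]+$")  # plain names only, no regex metacharacters


def normalize(families):
    """Deduplicate case-insensitively, keep the first spelling, reject unsafe names."""
    seen, out = set(), []
    for name in families:
        name = name.strip()
        if not NAME_OK.match(name):
            raise ValueError(f"unsafe family name: {name!r}")
        if name.lower() not in seen:
            seen.add(name.lower())
            out.append(name)
    return sorted(out, key=str.lower)


def build_pattern(families):
    """Regex anchored on the v="W32/ prefix, as in the second filter in the thread."""
    return r'(?i)v="W32/(' + "|".join(normalize(families)) + ")"


def build_condition(families):
    """Condition text in the form used in the thread, with inner quotes escaped."""
    pattern = build_pattern(families).replace('"', '\\"')
    return f'header("X-IronPort-AV") == "{pattern}"'


def check(pattern, samples):
    """Return the sample header values the pattern would drop."""
    rx = re.compile(pattern)
    return [s for s in samples if rx.search(s)]


# Constructed header values; only the v="W32/<name> fragment follows the thread.
SAMPLES = [
    'v="W32/Netsky-P"',
    'v="W32/bagle-AA"',
    'v="W32/Parite-B"',    # family not in the list: must not match
    'v="Troj/Example-A"',  # different prefix: must not match
]

if __name__ == "__main__":
    print(build_condition(FAMILIES))
    print(check(build_pattern(FAMILIES), SAMPLES))
```

Running `check` against a few known-clean and known-infected header values before deploying a new list catches an over-broad alternative before it drops legitimate mail.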
