Bill Landry wrote:
And the more I think about this, it would be highly unlikely that this would happen. In this case, my spamtraps had been receiving spam from private.pl and got listed, and then some time later someone referenced a perl file that was also named private.pl in an email which caused the message to be flagged - should be a very rare occurrence, wouldn't you agree? That is also why it is highly recommended 3rd party signatures be used in a scoring system rather than an outright blocking system. Then if something like this did happen to occur, it would most likely not prevent the message from being delivered unless it also got flagged by other spam rules, as well. Bill
Ah, now I remember. We do exactly this but our code keys on the string Sanesecurity being in the virus name. The code is there since the early days of Sansecurity. So, should we now key on the string UNOFFICIAL instead? Do all signatures downloaded from sanesecurity end in the string UNOFFICIAL.
-- Roberto Ullfig - rullfig@xxxxxxx ACCC Systems Programmer