better techniques to identify and remove zero-day viruses from cyrus store sought
list at joreybump.com
Tue Aug 21 14:28:08 EDT 2007
John Crawford wrote:
> What's the best way, and second best way to react to zero-day virus
> threats - messages that are delivered to the mail store before the
> detection is in place?
Any detection that can take place in the mail store can (and should) be
moved up the chain, preferably to the MTA.
> Is there a best practice that functions nicely
> within the cyrus community?
Yes, once a message is delivered, leave it alone. The most you should do
at that point is maybe provide an opt-in sieve rule that stores
suspicious messages in a special folder. But even this has caveats, and
I prefer to let the users sort their own mail.
More information about the Info-cyrus