[Classic] Viruses

Some email viruses or worms will have characteristics which you can use to block the emails. In this article we will use the W32.Sobig.F@mm worm as an example. You can view some further details about this virus at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html 

Please note that the "From" email address on many of these types of virus emails is spoofed. This means that the sender in the "From" field is most likely not the real sender. To determine the actual sender you will need to view the header of the email and make note of the originating IP address.

It is possible to filter your email based on the attachment. For example, W32.Sobig.F@mm will use one of the following file attachments:

your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif

You can filter your mail based on these file names, or you may want to filter based on the file extension only, such as ".pif" or ".scr". Also, some other viruses may use the ".vbs" file extension. To do this, you can follow these steps:

  1. Browse to your email administration page at http://emailadmin.YOUR_DOMAIN.COM 
  2. Log in with the username Admin and your account password.
  3. Under "HOME", Click - Inbound Rules.
  4. Click - Add A Rule.
  5. Select - If The Body Text.
  6. Select - Contains.
  7. Type in the Search Text, for example: name=.*\.pif.
  8. Click - Next.
  9. Click - Set Action.
  10. Select - DELETE 
  11. Click - Save Action.
  12. Click - Save Rule.

Please note that creating a rule such as this is not perfect. It is still recommended that you install anti-virus software with the latest virus definitions to ensure that any email viruses are blocked.
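The following added example (not part of the original article or of the mail product) shows why a body-text rule like the one in step 7 catches these attachments, and one way it is imperfect: it also fires on plain text that merely mentions a matching string. It assumes the filter treats the search text as a regular expression over the raw message text after the top-level headers; the sample messages and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Search text from step 7, treated as a regular expression (assumption:
# the filter applies it to the raw text that follows the top-level headers).
RULE = re.compile(r"name=.*\.pif")
BLOCKED_EXTENSIONS = (".pif", ".scr", ".vbs")  # extensions named in the article

# Constructed sample: multipart message carrying one of the listed file names.
WORM_LIKE = """\
From: someone@example.com
To: user@example.com
Subject: Re: Details
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

See the attached file for details
--XYZ
Content-Type: application/octet-stream; name="your_details.pif"
Content-Disposition: attachment; filename="your_details.pif"

AAAA
--XYZ--
"""

# Constructed sample: plain text that only talks about the rule, no attachment.
HARMLESS = """\
From: admin@example.com
To: user@example.com
Subject: New mail rule

Our filter now deletes mail where name=anything.pif appears.
"""

def body_rule_hits(raw):
    """True if the step 7 search text matches the text after the headers."""
    return RULE.search(raw.split("\n\n", 1)[1]) is not None

def blocked_attachments(raw):
    """Parse the MIME structure and list attachment names with a blocked extension."""
    names = [part.get_filename() for part in message_from_string(raw).walk()]
    return [n for n in names if n and n.lower().endswith(BLOCKED_EXTENSIONS)]

if __name__ == "__main__":
    for label, raw in (("worm-like", WORM_LIKE), ("harmless", HARMLESS)):
        print(label, body_rule_hits(raw), blocked_attachments(raw))
```

The rule matches the worm-like message because the attachment's MIME part headers sit inside the message body, but it matches the harmless message too, while the parsed check flags only the real attachment.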

 
