I would be hesitant to use another person's rules file without knowing the IMail version they are using (syntax has changed slightly in newer versions), and without understanding the syntax of rule formulation to be able to check to rules you are copying. In addition, sending all filtered output to NUL is disturbing to me, as the administrator doing this actually has no idea what they are actually filtering, if anything, with a particular rule.
The list of rules recently posted to the list, repeated in part below, includes a number of syntactical errors that add up to the fact that some of the rules are not filtering what they are intended to filter. ("filename" is changed to "file_name" to try to circumvent the filters of list members.)
> From: "Todd Carew" <todd@nrgnetworks.com> > Subject: RE: [IMail Forum] Advice > Date: Thu, 15 Mar 2001 13:54:01 -0500 > Reply-To: IMail_Forum@list.ipswitch.com > Below you will find the list of rules that we use. These will > stop lots of > nasty things from making it to your email box. B~ is body and S~ > is subject > :-) goodluck > > Todd > > > B~file_name=".*\.shs":NUL This one is correct, and accomplishes what the following three do not.
> B~file_name="*.shs":NUL This one is actually filtering the string: file_name= followed by any number of repetitions of " followed by any single character followed by shs" It would successfully filter file_name=""""""9shs" It would not filter file_name="virusforyou.shs"
> B~file_name="*.txt.shs":NUL This would filter file_name="9txt9shs" It would not filter file_name="YourNewVirus.txt.shs"
> B~file_name="LIFE_STAGES.txt.shs":NUL Would work most of the time, but would be more accurate by converting the periods to \.
> B~file_name="*.*\.exe":NUL Works, but the first * is unnecessary
> B~file_name="*.exe":NUL Would filter file_name="9exe" Would not filter file_name="DestroyYourHD.exe"
*******************************
Notes on Rules Syntax: 1. In v. 6.x (I can't speak to earlier versions), the following are special characters. To include any of these in a search string, they must be preceded by the back slash (\)
{}()|*+,.: For this reason, a period in a search string is represented by \.
2. A period alone (not preceded by a back slash) represents "a single occurrence of any character" An asterisk is not a "wildcard." The asterisk is a "quantifier" and denotes the occurrence of zero or more repetitions of the character that precedes it. Thus one would use .* to indicate any number of occurrences (*) of any character (.)
3. These filters will only filter MIME attachments, not Uuencoded attachments, for which other, similar rules must be employed.
4. Rules filter (examine) only the first 32K of any message.
The knowledge base has a recently updated set of rules that do, in fact, work (within their limitations):
http://support.ipswitch.com/kb/IM-19980116-DD08.htm
-- Michael Ernst
Imail Forum
Michael Ernst