Bypass antivirus

Discussion forum for Enterprise Edition.
Post Reply
onlyamd4000
Posts: 18
Joined: Sun Oct 05, 2014 2:02 am

Bypass antivirus

Post by onlyamd4000 » Tue Apr 26, 2016 2:49 am

Are there any others ways to customize bypassing av scanning... say on certain email addresses or possibly by ip address that can be specified? The only option I see to bypass av scanning is for authenticated senders.

Thanks

aahq
Posts: 183
Joined: Sat Aug 07, 2010 11:08 am

Re: Bypass antivirus

Post by aahq » Tue May 10, 2016 5:47 am

I think the AV Scanning of ME doesn't do much at the time of scan (if you are just returning a result). Everything happens from the filters.

Probably, creating an advanced filter would help. I have something below that may help you with the programming. You could probably change the end statement to a ---> CriteriaMet([ME_TOorCC],"Value") rather than authenticated (this is testing for whether something is marked up as spam and not detected by the AV but is skipping if it is an authenticated user).

Scott

-----------------

FilterResult=0
MEResultData=""
MEResultData1=""
MEResultData2=""
MEResultData3=""


If CriteriaMet([ME_HASVIRUS], 1) Then
MEResultData1 = "ClamAVDetected"
Else
MEResultData1 = "ClamAVNotDetected"
End If


If CriteriaMet([ME_HEADERS_CONTAIN],"*X-Spam-Status: Yes*") Then
MEResultData2 = "HasSpam"
End If


If (MEResultData2 = "HasSpam" and MEResultData1 = "ClamAVNotDetected") Then
FilterResult=1
End If

If CriteriaMet([ME_SENDERAUTH], 1) Then
FilterResult=0
End If

Post Reply