Bypass antivirus

Discussion forum for Enterprise Edition.
Post Reply
aahq
Posts: 183
Joined: Sat Aug 07, 2010 11:08 am

Re: Bypass antivirus

Post by aahq »

I think the AV Scanning of ME doesn't do much at the time of scan (if you are just returning a result). Everything happens from the filters.

Probably, creating an advanced filter would help. I have something below that may help you with the programming. You could probably change the end statement to a ---> CriteriaMet([ME_TOorCC],"Value") rather than authenticated (this is testing for whether something is marked up as spam and not detected by the AV but is skipping if it is an authenticated user).

Scott

-----------------

FilterResult=0
MEResultData=""
MEResultData1=""
MEResultData2=""
MEResultData3=""


If CriteriaMet([ME_HASVIRUS], 1) Then
MEResultData1 = "ClamAVDetected"
Else
MEResultData1 = "ClamAVNotDetected"
End If


If CriteriaMet([ME_HEADERS_CONTAIN],"*X-Spam-Status: Yes*") Then
MEResultData2 = "HasSpam"
End If


If (MEResultData2 = "HasSpam" and MEResultData1 = "ClamAVNotDetected") Then
FilterResult=1
End If

If CriteriaMet([ME_SENDERAUTH], 1) Then
FilterResult=0
End If

Post Reply