Some email viruses or worms will have characteristics which you can
use to block the emails. In this article we will use the W32.Sobig.F@mm
worm as an example. You can view some further details about this virus
Please note that the "From" email address on many of these types
of virus emails are spoofed. This means that the sender in the "From"
field is most likely not the real sender. To determine the actual sender
you will need to view the header of the email and make note of the
originating IP address.
It is possible to filter your email based on the attachment. For
example, W32.Sobig.F@mm will use one of the following file attachments:
You can filter your mail based on these file names, or you may
want to filter based on the file extension only, such as ".pif" or
".scr". Also, some other viruses may use the ".vbs" file extension. To
do this, you can follow these steps:
- Browse to your email administration page at http://emailadmin.YOUR_DOMAIN.COM
- Log in with the username Admin and your account password.
- Under "HOME", Click - Inbound Rules.
- Click - Add A Rule.
- Select - If The Body Text.
- Select - Contains.
- Type in the Search Text, for example: name=.*\.pif.
- Click - Next.
- Click - Set Action.
- Select - DELETE
- Click - Save Action.
- Click - Save Rule.
Please note that creating a rule such as this is not perfect. It is
still recommended that you install an anti-virus software with the
latest virus definitions to ensure that any email viruses are blocked.