On 04/01/2016 03:51 PM, [email protected] wrote:
On 2016-04-01 1:35 pm, Rob McKennon wrote:
Hello,
We are setting up Amavis and Clamav to detect credit cards coming into
our email, and it's working. However, it's returning the original
email to the sender, which also contains the credit card numbers.
Receiving the credit card numbers is bad enough, sending them back out
again violates PCI. Is there a way to reject the email without
returning the original email content? Below is a returned email with
test numbers as an example.
Thank you,
Rob McKennon
The mail system
<xxxxxxxxxx>: host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject,
id=06026-19 - INFECTED: Heuristics.Structured.CreditCardNumber (in
reply to end of DATA command)
Final-Recipient: rfc822;xxxxxxxxxxxxx
Original-Recipient: xxxxxxxxxxxxxx
Action: failed
Status: 5.7.0
Remote-MTA: dns; 127.0.0.1
Diagnostic-Code: smtp; 554 5.7.0 Reject, id=06026-19 - INFECTED:
Heuristics.Structured.CreditCardNumber
I removed your test numbers since anyone with DLP turned on might not
get the email.
I'm using the following which just discards the message:
$final_virus_destiny = D_DISCARD;
But it would be nice to be able to strip out the CC or SSN numbers and
send the message on to the recipient.
Good catch with the DLP, I didn't think about that! But D_DISCARD I
don't think is an option. We need the originator of the message to
understand that we rejected the mail because it contained credit card
numbers.
Rob.
