>> Quoting Joe Acquisto-j4 <j...@j4computers.com>:
>>
>>> Another question from the peanut gallery (a kids TV show reference from
>>> the 1950's. Which should tell you something) . . .
>>>
>>> With a local test email EICAR is detected and fed back to postfix.
>>> Ends up in hold queue as you would expect as
>>> per below as /var/log/mail says: (snipped)
>>>
>>> "postfix/cleanup[18137]: 686483954B: milter-hold: END-OF-MESSAGE
>>> from localhost[127.0.0.1]: milter triggers HOLD action; from="
>>>
>>> Probably this is a postfix thing, and I need to deal with that but,
>>> just for a sanity check (always a treat) is there something in
>>> /etc/clamav-milter.conf
>>> or elsewhere on the clamav side that can that behavior (while
>>> preserving the email for further disposition that is)?
>>>
>>> Just FYI at this point, wisp of idea is to process the hold queue
>>> (given the milter hold action will not change),
>>> alter the subject line per the "X-Virus-Status: Infected" text in
>>> the header and forward it on to the user,
>>> generally me.
>>
>> You probably want to lookup how to process messages from the HOLD
>> queue in Postfix.
>>
>
> Strikes me my first thought may be a poor choice.
>
> Wondering now what people generally do with infected mail? That is, is
> there a general consensus?
>
> Would it be "safe" (for the systems) to simply send the mail through, to the
> end user and merely tag the subject line with "Virus Detected" as SPAM messages
> are done? Send them to a quarantine mailbox for human review? Notify an
> administrator there is email being "held"?
>
> joe a.
>
>
I tend to agree with the "NO" votes. But, in the postfix "FILTER_README"
the author(s) suggest it is not a great idea, these days, to send the email
back to the sender, as the sender is very likely to be "spoofed". I guess
there are different ways of looking at that particular avenue.
For now I will settle on a cron job script that peeks at the hold queue every
so often and alerts someone (me) with an alert. I would have thought there was
some mechanism already built in to the milter, or postfix, to do that
(optionally) but I've not stumbled on one thus far.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
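
The cron-job idea from the last message, as an added example (not the poster's script and not code from Postfix or ClamAV): it picks out the queue IDs that `postqueue -p` marks with `!` (hold queue) and mails only those not reported on the previous run. The recipient, the state-file path, the script path in the cron line and the use of `mail` are assumptions.

```shell
#!/bin/sh
# Added example: cron check of the Postfix hold queue (not the poster's script).
# ADMIN, STATE and the use of mail(1) are assumptions; adjust locally.
ADMIN="${ADMIN:-root}"
STATE="${STATE:-/var/tmp/postfix-held.seen}"

# stdin: `postqueue -p` listing. stdout: queue IDs in the hold queue.
# A "!" right after the queue ID marks hold; "*" marks the active queue.
held_ids() {
    awk '$1 ~ /^[0-9A-Za-z]+!$/ { sub(/!$/, "", $1); print $1 }' | sort -u
}

# stdin: queue IDs. stdout: those not already recorded in file $1.
new_ids() {
    [ -s "$1" ] || { cat; return; }
    grep -vxF -f "$1" || true
}

# Constructed sample listing; the held ID is the one from the quoted log line.
sample_mailq() {
    cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
686483954B!     1820 Tue Mar  3 10:15:02  sender@example.com
                                         joe@example.net

7A1C22F001*      912 Tue Mar  3 10:16:40  other@example.com
                                         joe@example.net

-- 3 Kbytes in 2 Requests.
EOF
}

# Alert once per newly held message; the mail itself stays in the hold queue.
# Review with `postcat -q ID`, then `postsuper -d ID` or `postsuper -H ID`.
check_hold_queue() {
    held=$(postqueue -p | held_ids)
    fresh=$(printf '%s\n' "$held" | new_ids "$STATE")
    printf '%s\n' "$held" > "$STATE"
    [ -n "$fresh" ] || return 0
    printf 'Newly held by the milter:\n%s\n' "$fresh" |
        mail -s "Postfix hold queue: new held mail" "$ADMIN"
}

# Cron usage (assumed path): */10 * * * * /usr/local/sbin/held-alert.sh --run
if [ "${1:-}" = "--run" ]; then check_hold_queue; fi
```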