On Mon, Sep 22, 2003 at 10:45:18AM -0400, Jesse Guardiani wrote: > Howdy list, > > Is there any way I can get qmail-scanner to only > send me virus notifications via email if the headers > of the quarantined virus contain a certain regular > expression? > > For instance, I'd LOVE to be notified anytime my > headers contain ".*ppp.*customer.wingnet.net.*".
Already sort of does that. The "RC:[01]" component of the syslog record that is generated for each message tells you if the message was sent by a RELAYCLIENT or not (i.e. if it was locally generated). If you see a quarantine event with "RC:1", then that means the virus was generated by a local user instead of an Internet user. We use that feature here (via "swatch") to trigger alerts to our helpdesk staff if a local user sends a virus - just what you want I'd suspect. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
