Re: [Mimedefang] Virus notification to virus administrator
On 1/7/2016 10:31 AM, jan hugo prins wrote: > I would have expected to see this output in $VirusScannerMessages. According to the mimedefang-filter manpage, that variable is only accessible in filter_begin, filter, filter_multipart and filter_end. Are you trying to access it in another context? ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Virus notification to virus administrator
Hej, Am Donnerstag Januar 7 2016 12:25 schrieb jan hugo prins: > Hi, > > I'm currently trying to replace amavisd-new with mimedefang, but one > thing is currently really stopping me from going on. > We have a requirement to send a notification to an internal security > list for all virusses detected including a scanner report, and a > quarantine location for the mimepart. The only thing I can find is a > action_discard when a virus has been found and everything I find on > the internet suggests that it is not possible to send any > notification. > > We _don't_ want to bounce a notification to the sender of the > orriginal message because this is almost always faked. action_bounce() does not bounce to the (possibly faked) sender-adress, but to the sending mail-server. > > Does anyone have a working sollution for this? what about action_quarantine_entire_message(), which also sends a mail to the mimedefang-admin, and action_notify_administrator()? And there is add_recipient() and delete_recipient(), which might be useful in your case. hth a bit ... Jürgen > > Jan Hugo Prins signature.asc Description: This is a digitally signed message part. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Virus notification to virus administrator
Hoi, On 01/07/2016 01:28 PM, Juergen Kleff wrote: > Hej, > > what about action_quarantine_entire_message(), which also sends a mail > to the mimedefang-admin, and action_notify_administrator()? And there > is add_recipient() and delete_recipient(), which might be useful in > your case. > > Adding the action_quarantine_entire_message() and enabling send_quarantine_notifications() in filter_end results indeed in a message being put in Quarantine and a notification of this message to the administrator. I'm also able to get the virus name into the quarantine message. But it seems that the variable $VirusScannerMessages stays empty. In mimedefang.pl I have found the options that are being used when scanning files and I tested them against an EICAR test file and this gives the following result: [root@mailserver /]# clamscan -r --stdout --no-summary --infected ~jprins/eicarcom2.zip /home/jprins/eicarcom2.zip: Eicar-Test-Signature FOUND [root@mailserver /]# fpscan --report --archive=5 --scanlevel=4 --heurlevel=3 ~jprins/eicarcom2.zip F-PROT Antivirus version 6.2.1.4252 (built: 2008-04-28T16-56-20) FRISK Software International (C) Copyright 1989-2007 Engine version: 4.4.4.56 Virus signatures: 2016010706416ffdec6f95d46145bb42aebd7efc8a31 (/usr/local/f-prot/antivir.def) [Found virus] /home/jprins/eicarcom2.zip->eicar_com.zip->eicar.com [Contains infected objects] /home/jprins/eicarcom2.zip Results: Files: 1 Skipped files: 0 MBR/boot sectors checked: 0 Objects scanned: 3 Infected objects: 1 Files with errors: 0 Disinfected: 0 Running time: 00:01 I would have expected to see this output in $VirusScannerMessages. Jan Hugo Prins ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang