Re: [clamav-users] can I check for CreditCards but NOT check for SSNs?

2016-05-04 Thread Rob McKennon

Well, I feel dumb now... not sure why I didn't try that before.

Thanx Mickey!

Rob.


On 05/04/2016 06:00 PM, Mickey Sola wrote:

Hi Rob,

Just tested this, and it seems setting both "StructuredSSNFormatNormal" and
"StructuredSSNFormatStripped" to "no" in clamd.conf should give you the
behaviour you want.

Let me know if that works for you.

Cheers,
Mickey

On Wed, May 4, 2016 at 5:41 PM, Rob McKennon  wrote:


Hello!

We are getting some false positive results with
Heuristics.Structured.SSN.   Is there a way to disable the SSN check, but
keep the CreditCard check?
For now I have just increased the SSN count to 1000 to get around this.
Setting it to 0 did not disable it  :(

Rob.


StructuredDataDetection yes

StructuredMinCreditCardCount 1
StructuredMinSSNCount 1000

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
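
Added example (not part of the original thread and not ClamAV project code): a small Python check that reads clamd.conf text and reports whether the SSN and credit card heuristics stay active, contrasting the StructuredMinSSNCount workaround from the question with the two StructuredSSNFormat* settings from the reply. The function names are hypothetical, and the default values are assumptions taken from the clamd.conf man page.

```python
# Added example: report which ClamAV structured-data (DLP) heuristics a
# clamd.conf leaves active. DEFAULTS are assumptions taken from the
# clamd.conf man page; check them against your installed version.
DEFAULTS = {
    "StructuredDataDetection": "no",
    "StructuredMinCreditCardCount": "3",
    "StructuredMinSSNCount": "3",
    "StructuredSSNFormatNormal": "yes",
    "StructuredSSNFormatStripped": "no",
}
SSN_FORMATS = ("StructuredSSNFormatNormal", "StructuredSSNFormatStripped")
TRUTHY = {"yes", "true", "1"}

def effective_options(conf_text):
    """Overlay the Structured* options found in conf_text on DEFAULTS."""
    opts = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # If an option repeats, this sketch keeps the last value (assumption).
        if len(parts) == 2 and parts[0] in opts:
            opts[parts[0]] = parts[1].strip().strip('"').lower()
    return opts

def audit(conf_text):
    """Return which checks are active, plus notes on ineffective workarounds."""
    opts = effective_options(conf_text)
    dlp = opts["StructuredDataDetection"] in TRUTHY
    active_formats = [k for k in SSN_FORMATS if opts[k] in TRUTHY]
    ssn = dlp and bool(active_formats)
    notes = []
    if ssn and opts["StructuredMinSSNCount"] != DEFAULTS["StructuredMinSSNCount"]:
        notes.append("SSN check still active via " + ", ".join(active_formats)
                     + "; StructuredMinSSNCount only moves the threshold")
    return {"credit_card": dlp, "ssn": ssn, "notes": notes}

# Constructed sample inputs: the workaround from the question, and the
# settings suggested in the reply.
WORKAROUND = ("StructuredDataDetection yes\n"
              "StructuredMinCreditCardCount 1\n"
              "StructuredMinSSNCount 1000\n")
FIXED = ("StructuredDataDetection yes\n"
         "StructuredMinCreditCardCount 1\n"
         "StructuredSSNFormatNormal no\n"
         "StructuredSSNFormatStripped no\n")

if __name__ == "__main__":
    for name, conf in (("workaround", WORKAROUND), ("fixed", FIXED)):
        print(name, audit(conf))
```
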




[clamav-users] can I check for CreditCards but NOT check for SSNs?

2016-05-04 Thread Rob McKennon

Hello!

We are getting some false positive results with 
Heuristics.Structured.SSN.   Is there a way to disable the SSN check, 
but keep the CreditCard check?
For now I have just increased the SSN count to 1000 to get around this.  
Setting it to 0 did not disable it  :(


Rob.


StructuredDataDetection yes

StructuredMinCreditCardCount 1
StructuredMinSSNCount 1000



Re: [clamav-users] Structured.CreditCardNumber bounce

2016-04-01 Thread Rob McKennon

On 04/01/2016 11:40 AM, Bowie Bailey wrote:

On 4/1/2016 11:16 AM, Rob McKennon wrote:

On 04/01/2016 11:01 AM, Vladislav Kurz wrote:

On Friday 01 of April 2016 Rob McKennon  wrote:


Hello,

 One of the reasons we use clamav is to not accept emails with credit
card numbers.  And it works great to bounce the message back to the
sender.  However, according to PCI, sending the original message back
with the same credit card numbers they sent us, is just as bad as them
sending it to us in the first place.

 Is there a way to tell clamav to send the bounce message with the
"INFECTED: Heuristics.Structured.CreditCardNumber" data, but NOT include
the original email?

Hi,

This is not a setting of clamav itself. It should be configurable in the SMTP
server or its antivirus interface like Amavis. Clamav just decides if the file
is infected or not. It is the SMTP server that decides what is sent back.


Ah, ok.

Thank you for pointing me in the right direction!


On the other hand, you shouldn't be sending bounce messages at all 
(assuming you are using the correct terminology).  It is much better 
to reject unwanted emails.


Bounce - Your MTA accepts the message, determines that it's not 
wanted, and sends a message back to the sender.


Reject - Your MTA determines that the message is not wanted before 
accepting it from the sending server and returns an error to the 
sending server.  It is then up to the sending server to determine what 
to do with the message.


Once your MTA accepts the message, you have no reliable information 
about the sender of the message.  Any bounce message you send is not 
guaranteed to go back to the real sender of the message.  This can 
turn your server into a source of bounceback spam.  It is much better 
to simply reject the message and let the sender deal with it.  
Legitimate messages will still have a bounce message sent from the 
sending server and you don't have to worry about your server sending a 
pile of bounce messages to an innocent third party whose email address 
is being used by a spambot.


Thanx!  Guess I used the term bounce incorrectly.  After looking at my 
amavisd.conf file, I realized I have:

$final_virus_destiny  = D_REJECT;

So it is properly configured, just not behaving the way we want it to yet.


Rob.





Re: [clamav-users] Structured.CreditCardNumber bounce

2016-04-01 Thread Rob McKennon

On 04/01/2016 11:01 AM, Vladislav Kurz wrote:

On Friday 01 of April 2016 Rob McKennon  wrote:


Hello,

 One of the reasons we use clamav is to not accept emails with credit
card numbers.  And it works great to bounce the message back to the
sender.  However, according to PCI, sending the original message back
with the same credit card numbers they sent us, is just as bad as them
sending it to us in the first place.

 Is there a way to tell clamav to send the bounce message with the
"INFECTED: Heuristics.Structured.CreditCardNumber" data, but NOT include
the original email?

Hi,

This is not a setting of clamav itself. It should be configurable in the SMTP
server or its antivirus interface like Amavis. Clamav just decides if the file
is infected or not. It is the SMTP server that decides what is sent back.


Ah, ok.

Thank you for pointing me in the right direction!

Rob




[clamav-users] Structured.CreditCardNumber bounce

2016-04-01 Thread Rob McKennon

Hello,

   One of the reasons we use clamav is to not accept emails with credit 
card numbers.  And it works great to bounce the message back to the 
sender.  However, according to PCI, sending the original message back 
with the same credit card numbers they sent us, is just as bad as them 
sending it to us in the first place.


   Is there a way to tell clamav to send the bounce message with the 
"INFECTED: Heuristics.Structured.CreditCardNumber" data, but NOT include 
the original email?



Thank you,

Rob McKennon