Hoi,
On 01/07/2016 01:28 PM, Juergen Kleff wrote:
> Hej,
>
> what about action_quarantine_entire_message(), which also sends a mail
> to the mimedefang-admin, and action_notify_administrator()? And there
> is add_recipient() and delete_recipient(), which might be useful in
> your case.
>
>
Adding the action_quarantine_entire_message() and enabling
send_quarantine_notifications() in filter_end results indeed
in a message being put in Quarantine and a notification of
this message to the administrator.
I'm also able to get the virus name into the quarantine message.
But it seems that the variable $VirusScannerMessages stays empty.
In mimedefang.pl I have found the options that are being used
when scanning files and I tested them against an EICAR test file
and this gives the following result:
[root@mailserver /]# clamscan -r --stdout --no-summary --infected
~jprins/eicarcom2.zip
/home/jprins/eicarcom2.zip: Eicar-Test-Signature FOUND
[root@mailserver /]# fpscan --report --archive=5 --scanlevel=4
--heurlevel=3 ~jprins/eicarcom2.zip
F-PROT Antivirus version 6.2.1.4252 (built: 2008-04-28T16-56-20)
FRISK Software International (C) Copyright 1989-2007
Engine version: 4.4.4.56
Virus signatures: 2016010706416ffdec6f95d46145bb42aebd7efc8a31
(/usr/local/f-prot/antivir.def)
[Found virus]
/home/jprins/eicarcom2.zip->eicar_com.zip->eicar.com
[Contains infected objects] /home/jprins/eicarcom2.zip
Results:
Files: 1
Skipped files: 0
MBR/boot sectors checked: 0
Objects scanned: 3
Infected objects: 1
Files with errors: 0
Disinfected: 0
Running time: 00:01
I would have expected to see this output in $VirusScannerMessages.
Jan Hugo Prins
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang