<html><head><title>Capabilities</title>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-15">
</head>
<body>
<span style=" font-family:'Courier New'; font-size: 9pt;">I've done a fair bit of reading, both of the docs, web walk-throughs and the list archives.<br>
<br>
However, I'm not sure if what I want to do is supported:<br>
<br>
Given: Ununtu 12.04 / Postfix / Dovecot / Amavis-new [2.3.3]<br>
Users are local users, not virtual. <br>
Not using LDAP or MySQL etc to handle users/configurations.<br>
<br>
Needs:<br>
Like everyone, we're getting more and more hostile attachments - which is the primary motivator for Amavis.<br>
Up to now, we've used client side AV scanning etc. However, the attachments we're getting are zero-day exploits in most cases, where the AV engines simply don't recognize them yet. [Given a day or three, they are, but not when received.]<br>
<br>
So, I need to start doing attachment filtering. As long as we're at it, we should have adequate capacity to also do ClamAV - which will get us a small leg-up, perhaps.<br>
But I'm not counting on ClamAV to catch the problem attachments.<br>
<br>
However, we can't just block every .zip file for example. Some zips from some senders are legit.<br>
Further, I don't want to block mail without generating a bounce reply. [An alternative would be rejecting it before accept at the MTA]<br>
But generating a bounce for blocked attachments will cause a host of back-scatter.<br>
<br>
So, it seems the options are: Block completely, at the MTA, some attachments that we'll never accept. [.exe for example.]<br>
I hope to use amavis to scan, for example, zip attachments for viruses, and if found quarantine them. [Though zips aren't the only one, this is simply an example.]<br>
<br>
For some users, we'll quarantine all zip files. However, for other users [and/or, some senders] we'll accept those attachments. [And yes, I fully understand that the envelope sender can be forged, and can't be trusted. However, it probably is better than doing nothing.]<br>
<br>
Finally, I'd like to scan archives for particular files. For example, we'll accept a zip, and even if the AV thinks it's clean, if the zip contains a .exe we should still quarantine.<br>
<br>
Is this possible, in general? <br>
Any pointers as to how best to approach it? <br>
Any good example threads or web-pages?<br>
<br>
TIA<br>
-Greg<br>
</span><a style=" font-family:'arial';" href="mailto:gregs@sloop.net"></a></body></html>