Virus notification to internal sender.
Mark Martinec
Mark.Martinec+amavis at ijs.si
Sat Jul 5 14:13:37 CEST 2014
ANANT,
> I have enabled PUA in ClamAV. Sometimes our employees send PDF
> documents to internal users and it gets detected as PUA and the
> recipient gets a message that VIRUS PUA was found and hence blocked.
>
> I want to enable notification to internal sender also along with
> recipient (the email id belongs to our own domain). Is it possible? If
> yes, what should be the parameters which I need to enable in amavisd?
To let a sender get a non-delivery notification on a blocked virus,
you need to set $final_virus_destiny to D_BOUNCE. As this is
not wise as a global setting, but possibly useful for messages
originating from inside (although even internally originating
mail from infected machines can have a fake sender address),
the way to do so is to change final_virus_destiny in a policy
bank, but leave a global setting at a safe D_DISCARD or D_REJECT
or D_PASS.
Something like this:
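  # list all your networks inside qw( ); Perl does not allow comments
  # within a qw() list, they would become list elements
  @mynetworks = qw(
    0.0.0.0/8 127.0.0.0/8 [::1] [fe80::]/10 [fc00::]/7
    169.254.0.0/16 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
  );

  # global default: never bounce to a possibly forged sender
  $final_virus_destiny = D_REJECT;

  # mail from @mynetworks clients loads MYNETS and may bounce to the sender
  $policy_bank{'MYNETS'} = {
    final_virus_destiny => D_BOUNCE,
  };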
If there are authenticated users submitting mail from remote
IP addresses, instead of relying on @mynetworks and MYNETS
you need to use a port-based policy bank and configure
MSA to pass authenticated submitted mail to a dedicated
TCP port of amavisd, where a policy bank (often called
ORIGINATING) could be activated.
Mark
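
The port-based variant described in the last paragraph of the message above, as an added amavisd.conf example that is not part of the original post or taken from the amavis project. Port 10026, the Postfix transport name "smtp-amavis" and the choice of Postfix as the MSA are assumptions.

```perl
# Added example, not from the original post.
# Assumptions: port 10026 is free, Postfix is the MSA.

# Listen on the regular port plus a dedicated one for authenticated submission.
$inet_socket_port = [10024, 10026];

# Global default stays safe: no bounces to possibly forged senders.
$final_virus_destiny = D_REJECT;

# Mail arriving on TCP port 10026 loads the ORIGINATING policy bank.
$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {
  originating         => 1,         # treat as locally submitted mail
  final_virus_destiny => D_BOUNCE,  # sender gets a non-delivery notification
};

# MSA side (assumed Postfix master.cf, with a transport named "smtp-amavis"
# already defined there). Only the authenticated submission service hands
# mail to port 10026; port 25 traffic keeps using 10024:
#
#   submission inet n - n - - smtpd
#     -o smtpd_sasl_auth_enable=yes
#     -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#     -o content_filter=smtp-amavis:[127.0.0.1]:10026
```

Port 10026 should accept connections only from the MSA host, since anything that reaches it is treated as originating mail and can trigger bounces.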