Cedric Knight via amavis-users amavis-users at
Sun May 11 10:53:04 CEST 2014

> Am 07.05.2014 20:51, schrieb Karl Heinz Wichmann:
>> But how can i config amavis that when clamav found an virus, that the
>> user get the original mail and the attachment should be zipped with a
>> password. So that he can not open the attachment.

On 10/05/14 20:20, Karl Heinz Wichmann via amavis-users wrote:> Hallo
> Does anyone have a clue?

A clue rather than a complete answer.  Firstly, I'm not sure how
desirable your suggested behaviour is nowadays since very little
infected email is likely to be from a legitimate sender; I can't
remember the last time I saw a Word macro virus.  And you'd have to be
careful with JS or VBS malware or deceptive in the body of the email.
What's wrong with doing pre-queue filtering in amavis and rejecting the
mail to let them know there is an infection?

As far as I know, the closest you can come to what you describe with
amavis is setting
  $defang_virus = 1;
and then either
  $final_virus_destiny = D_PASS;
or more likely doing it for individual recipients
  read_hash(\%virus_lovers, '/etc/amavis/virus_lovers');
This should strip the attachments and pass on a warning, but you should
be able to retrieve the malware from quarantine.

Search RELEASE_NOTES.gz for mention of Anomy and altermime.  Neither of
these (nor MIMEDefang AFAIK) will actually defang by encrypting the
infected MIME parts, only by changing their name, but I suppose you
could replace altermime with an external script that say used
MIME::Parser and "zip -e".

Alternatively maybe notify recipients using $warnvirusrecip = 1;.



More information about the amavis-users mailing list