amavis,postfix,clamav
Cedric Knight via amavis-users
amavis-users at amavis.org
Sun May 11 10:53:04 CEST 2014
> Am 07.05.2014 20:51, schrieb Karl Heinz Wichmann:
>> But how can i config amavis that when clamav found an virus, that the
>> user get the original mail and the attachment should be zipped with a
>> password. So that he can not open the attachment.
On 10/05/14 20:20, Karl Heinz Wichmann via amavis-users wrote:> Hallo
>
> Does anyone have a clue?
A clue rather than a complete answer. Firstly, I'm not sure how
desirable your suggested behaviour is nowadays since very little
infected email is likely to be from a legitimate sender; I can't
remember the last time I saw a Word macro virus. And you'd have to be
careful with JS or VBS malware or deceptive in the body of the email.
What's wrong with doing pre-queue filtering in amavis and rejecting the
mail to let them know there is an infection?
As far as I know, the closest you can come to what you describe with
amavis is setting
$defang_virus = 1;
and then either
$final_virus_destiny = D_PASS;
or more likely doing it for individual recipients
read_hash(\%virus_lovers, '/etc/amavis/virus_lovers');
This should strip the attachments and pass on a warning, but you should
be able to retrieve the malware from quarantine.
Search RELEASE_NOTES.gz for mention of Anomy and altermime. Neither of
these (nor MIMEDefang AFAIK) will actually defang by encrypting the
infected MIME parts, only by changing their name, but I suppose you
could replace altermime with an external script that say used
MIME::Parser and "zip -e".
Alternatively maybe notify recipients using $warnvirusrecip = 1;.
HTH
CK
More information about the amavis-users
mailing list