Gregory Sloop via amavis-users
amavis-users at amavis.org
Thu May 22 04:29:46 CEST 2014
I've done a fair bit of reading, both of the docs, web walk-throughs and the list archives.
However, I'm not sure if what I want to do is supported:
Given: Ubuntu 12.04 / Postfix / Dovecot / Amavis-new [2.3.3]
Users are local users, not virtual.
Not using LDAP or MySQL etc to handle users/configurations.
Like everyone, we're getting more and more hostile attachments - which is the primary motivator for Amavis.
Up to now, we've used client side AV scanning etc. However, the attachments we're getting are zero-day exploits in most cases, where the AV engines simply don't recognize them yet. [Given a day or three, they are, but not when received.]
So, I need to start doing attachment filtering. As long as we're at it, we should have adequate capacity to also do ClamAV - which will get us a small leg-up, perhaps.
But I'm not counting on ClamAV to catch the problem attachments.
However, we can't just block every .zip file for example. Some zips from some senders are legit.
Further, I don't want to block mail without generating a bounce reply. [An alternative would be rejecting it before accept at the MTA]
But generating a bounce for blocked attachments will cause a host of back-scatter.
So, it seems the options are: Block completely, at the MTA, some attachments that we'll never accept. [.exe for example.]
I hope to use amavis to scan, for example, zip attachments for viruses, and if found quarantine them. [Though zips aren't the only one, this is simply an example.]
For some users, we'll quarantine all zip files. However, for other users [and/or, some senders] we'll accept those attachments. [And yes, I fully understand that the envelope sender can be forged, and can't be trusted. However, it probably is better than doing nothing.]
Finally, I'd like to scan archives for particular files. For example, we'll accept a zip, and even if the AV thinks it's clean, if the zip contains a .exe we should still quarantine.
Is this possible, in general?
Any pointers as to how best to approach it?
Any good example threads or web-pages?
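
The attachment policy described in the post, written out as an added Python example that is not part of the original message and is not amavisd-new configuration. The addresses, the nesting and size limits, the sender exemption rule and all function names are assumptions made for illustration.

```python
import io
import os
import zipfile

# Constructed policy values; the post names no addresses or limits.
NEVER_ACCEPT = {".exe"}                        # rejected outright, as in the post
ZIP_QUARANTINE_RCPTS = {"alice@example.com"}   # users who never receive zips
ZIP_EXEMPT_SENDERS = {"partner@example.org"}   # envelope sender: forgeable hint only
MAX_DEPTH = 3                                  # nesting limit (assumption)
MAX_MEMBER_BYTES = 10 * 1024 * 1024            # unpack limit (assumption)

def ext(name):
    return os.path.splitext(name.lower())[1]

def zip_has_banned(data, depth=0):
    """True if a zip, or a zip nested in it, holds a banned member.
    Anything that cannot be inspected is treated as banned (fail closed)."""
    if depth > MAX_DEPTH:
        return True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                e = ext(info.filename)
                if e in NEVER_ACCEPT:
                    return True
                if e == ".zip":
                    encrypted = info.flag_bits & 0x1
                    if encrypted or info.file_size > MAX_MEMBER_BYTES:
                        return True
                    if zip_has_banned(zf.read(info), depth + 1):
                        return True
    except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
        return True
    return False

def decide(sender, rcpt, filename, data):
    """Return 'reject', 'quarantine' or 'accept' for one attachment."""
    e = ext(filename)
    if e in NEVER_ACCEPT:
        return "reject"
    if e == ".zip":
        if zip_has_banned(data):
            return "quarantine"          # applies even to exempt senders
        if rcpt in ZIP_QUARANTINE_RCPTS and sender not in ZIP_EXEMPT_SENDERS:
            return "quarantine"
    return "accept"

def make_zip(members):
    """Build a zip in memory from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

The content check runs before the per-recipient and per-sender rules, so a zip holding a .exe is quarantined even when the sender is exempt, and an archive that cannot be opened is quarantined rather than passed.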