final_virus_destiny D_REJECT
Rob McKennon
rmckennon at monetra.com
Fri Apr 1 22:14:19 CEST 2016
On 04/01/2016 03:51 PM, lists at mbchandler.net wrote:
> On 2016-04-01 1:35 pm, Rob McKennon wrote:
>> Hello,
>>
>> We are setting up Amavis and Clamav to detect credit cards coming into
>> our email, and it's working. However, it's returning the original
>> email to the sender, which also contains the credit card numbers.
>> Receiving the credit card numbers is bad enough, sending them back out
>> again violates PCI. Is there a way to reject the email without
>> returning the original email content? Below is a returned email with
>> test numbers as an example.
>>
>> Thank you,
>>
>> Rob McKennon
>>
>> The mail system
>>
>> <xxxxxxxxxx>: host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject,
>> id=06026-19 - INFECTED: Heuristics.Structured.CreditCardNumber (in
>> reply to end of DATA command)
>>
>> Final-Recipient: rfc822;xxxxxxxxxxxxx
>> Original-Recipient: xxxxxxxxxxxxxx
>> Action: failed
>> Status: 5.7.0
>> Remote-MTA: dns; 127.0.0.1
>> Diagnostic-Code: smtp; 554 5.7.0 Reject, id=06026-19 - INFECTED:
>> Heuristics.Structured.CreditCardNumber
>
> I removed your test numbers since anyone with DLP turned on might not
> get the email.
>
>
>
> I'm using the following which just discards the message:
> $final_virus_destiny = D_DISCARD;
>
> But it would be nice to be able to strip out the CC or SSN numbers and
> send the message on to the recipient.
Good catch with the DLP, I didn't think about that! But D_DISCARD I
don't think is an option. We need the originator of the message to
understand that we rejected the mail because it contained credit card
numbers.
Rob.
More information about the amavis-users
mailing list