Virus detected but still relayed

Igor Sverkos igor.sverkos at gmail.com
Thu Feb 11 22:13:46 CET 2016


Hi,

Mail from my own users should be scanned for spam/viruses.

If anything is found, the mail should be saved to quarantine, my sending
user and the admin should be notified, but the mail should _not_ be relayed
(= the recipient should never get an infected mail).

My configuration:

# Set defaults
$final_virus_destiny      = D_REJECT;
$final_banned_destiny     = D_REJECT;
$final_spam_destiny       = D_REJECT;
$final_bad_header_destiny = D_REJECT;

$virus_quarantine_method        = 'local:%i-virus-%m';
$spam_quarantine_method         = 'local:%i-spam-%m';
$banned_files_quarantine_method = 'local:%i-banned-%m';
$bad_header_quarantine_method   = 'local:%i-badh-%m';
$clean_quarantine_method        = 'local:%i-clean-%m';
$unchecked_quarantine_method    = 'local:%i-unchecked-%m';

$virus_quarantine_to          = 'virus-quarantine';
$banned_quarantine_to         = 'banned-quarantine';
$spam_quarantine_to           = 'spam-quarantine';
$bad_header_quarantine_to     = 'bad-header-quarantine';
$clean_quarantine_to          = 'clean-quarantine';
$unchecked_quarantine_to      = 'unchecked-quarantine';

$newvirus_admin   = undef;
$virus_admin      = undef;
$spam_admin       = undef;
$banned_admin     = undef;
$bad_header_admin = undef;

# No bypass defined!
@bypass_virus_checks_maps  = (
    \%bypass_virus_checks,
    \@bypass_virus_checks_acl,
    \$bypass_virus_checks_re
);

@bypass_banned_checks_maps = (
    \%bypass_banned_checks,
    \@bypass_banned_checks_acl,
    \$bypass_banned_checks_re
);

@bypass_header_checks_maps = (
    \%bypass_header_checks,
    \@bypass_header_checks_acl,
    \$bypass_header_checks_re
);

@bypass_spam_checks_maps   = (
    \%bypass_spam_checks,
    \@bypass_spam_checks_acl,
    \$bypass_spam_checks_re
);

# suspicious-mails@ is a special inbox from IT department
# to investigate suspicious mails ;)
#
# abuse@ should always get mails
@virus_lovers_maps = (
    'suspicious-mails@example.net' => 1
);

@banned_files_lovers_maps = (
    'suspicious-mails@example.net' => 1
);

@spam_lovers_maps = (
    'abuse@example.net'            => 1,
    'suspicious-mails@example.net' => 1
);

@bad_header_lovers_maps = (
    'abuse@example.net'            => 1,
    'suspicious-mails@example.net' => 1
);

$policy_bank{'INT'} = {
    originating                    => 1,
    virus_admin_maps               => ['postmaster@example.net'],
    spam_admin_maps                => ['postmaster@example.net'],
    final_virus_destiny            => D_BOUNCE,
    final_spam_destiny             => D_BOUNCE,
    bypass_banned_checks_maps      => [ 1 ],
    clean_quarantine_method        => undef
};


From the logs I see that policy "INT" is used when my own users send
through my system (so this is not the problem).

Also, "postmaster@example.net" is notified as expected when one of my
users sends the EICAR test virus, for example, but the user sending the
infected mail is not notified.

The notification for postmaster contains the text "The message WILL BE
relayed to: <recipient-address>".

However, the infected mail passes, leaves our system and reaches the recipient :/


-- 
Regards,
Igor
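
Editor's note on the posted configuration: each `@*_lovers_maps` assignment above is a flat Perl list (`=>` is only a fat comma), so its first element is a plain, non-reference scalar, and amavisd treats such a scalar as a constant lookup table whose value is returned for every recipient, which is why the virus notification says the message will be relayed. The following added example is not code from the post or from amavisd; `lookup_maps` is a hypothetical, simplified model of the Amavis::Lookup semantics (hash-ref, ACL and constant tables only) that shows the flat list beside the intended hash-ref table.

```perl
#!/usr/bin/perl
# Added example, not from the post or from amavisd: a toy model of how
# amavisd walks a *_maps list (simplified; regexp, SQL and LDAP tables omitted).
use strict;
use warnings;

# Returns (result, matching_key). Table types modelled:
#   hash ref     -> keyed by full address, then "@domain", then "."
#   array ref    -> ACL; an entry matches the full address (no "!" negation here)
#   plain scalar -> a CONSTANT: returned for every lookup key, nothing is matched
sub lookup_maps {
    my ($addr, @maps) = @_;
    my ($localpart, $domain) = split /\@/, lc $addr, 2;
    $domain //= '';
    for my $tb (@maps) {
        if (ref $tb eq 'HASH') {
            for my $key (lc $addr, "\@$domain", '.') {
                return ($tb->{$key}, $key) if exists $tb->{$key};
            }
        } elsif (ref $tb eq 'ARRAY') {
            for my $e (@$tb) { return (1, $e) if lc $e eq lc $addr }
        } elsif (!ref $tb) {
            return ($tb, "constant($tb)");   # first constant wins, for everyone
        }
    }
    return (undef, undef);                   # no table produced a result
}

# As written in the post: a flat list. "=>" is only a fat comma, so this is
# ('suspicious-mails@example.net', 1); element one is a non-reference scalar,
# i.e. a constant that is true for every recipient.
my @as_posted = ('suspicious-mails@example.net' => 1);

# The intended form: one hash-ref lookup table keyed by recipient address.
my @hash_table = ({ 'suspicious-mails@example.net' => 1 });

# Constructed sample recipients: the IT inbox and an outside customer.
for my $rcpt ('suspicious-mails@example.net', 'customer@example.org') {
    my ($r1, $k1) = lookup_maps($rcpt, @as_posted);
    my ($r2, $k2) = lookup_maps($rcpt, @hash_table);
    printf "%-30s flat list: %-5s via %-40s hash ref: %-5s via %s\n",
        $rcpt, ($r1 ? 'lover' : 'no'), $k1 // '-',
               ($r2 ? 'lover' : 'no'), $k2 // '-';
}
```

With the flat list both recipients come out as "lover" via the constant, while the hash-ref table only matches the IT inbox; the same applies to the other `*_lovers_maps` lists in the posted configuration.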

