Virus notification

Tom Hendrikx tom at whyscream.net
Tue Mar 8 18:14:01 CET 2016


On 08-03-16 16:56, @lbutlr wrote:
> before I duplicate work, I thought I’d check if someone else has
> already done something like this.
> 
> Currently, amavis sends a notification to the Virusalert at mydomain.tld
> address when it catches something with a forbidden (BANNED)
> attachment.
> 
> I’d like to create a notification email for the original user that
> says something like “an email from <senderaddress> was blocked
> because it had an attachment of type $TLX" where $TLX is the
> attachment extension that was caught by amavisd.
> 

Seeing that most of the stuff that I catch with a virus scanner on
incoming mail is sent by a bad guy (or a botnet on behalf of a bad guy),
and not by an innocent person with a PC that generates macro-infected
office documents (for instance).

The mail from the bad guy is never sent from a valid address, so you'll
be generating backscatter when you inform the envelope sender. As most
of teh messages are crap anyway, you'll be annoying the envelope
recipient too with mostly useless messages: you're replaing the original
message with a new one that will be moved into the junk folder by the
recipient most of the time.

It's way better to scrub the attachment and send the message along, in
that way the recipient can at least see the original message contents
(without the attachment).

Regards,
	Tom

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20160308/f70f9000/attachment.sig>


More information about the amavis-users mailing list