[clamav-users] Structured.CreditCardNumber bounce

Bowie Bailey Bowie_Bailey at BUC.com
Fri Apr 1 15:40:24 UTC 2016 

On 4/1/2016 11:16 AM, Rob McKennon wrote:
> On 04/01/2016 11:01 AM, Vladislav Kurz wrote:
>> On Friday 01 of April 2016 Rob McKennon <rmckennon at monetra.com> wrote:
>>
>>> Hello,
>>>
>>>      One of the reasons we use clamav is to not accept emails with 
>>> credit
>>> card numbers.  And it works great to bounce the message back to the
>>> sender.  However, according to PCI, sending the original message back
>>> with the same credit card numbers they sent us, is just as bad as them
>>> sending it to us in the first place.
>>>
>>>      Is there a way to tell clamav to send the bounce message with the
>>> "INFECTED: Heuristics.Structured.CreditCardNumber" data, but NOT 
>>> include
>>> the original email?
>> Hi,
>>
>> this is not setting of clamav itself. It should be configurable in 
>> SMTP server
>> or its antivirus interface like Amavis. Clamav just decides if the 
>> file is
>> infected or not. It is the SMTP server that decides what is sent back.
>>
> Ah, ok.
>
> Thank you for pointing me in the right direction!

On the other hand, you shouldn't be sending bounce messages at all 
(assuming you are using the correct terminology).  It is much better to 
reject unwanted emails.

Bounce - Your MTA accepts the message, determines that it's not wanted, 
and sends a message back to the sender.

Reject - Your MTA determines that the message is not wanted before 
accepting it from the sending server and returns an error to the sending 
server.  It is then up to the sending server to determine what to do 
with the message.

Once your MTA accepts the message, you have no reliable information 
about the sender of the message.  Any bounce message you send is not 
guaranteed to go back to the real sender of the message.  This can turn 
your server into a source of bounceback spam.  It is much better to 
simply reject the message and let the sender deal with it.  Legitimate 
messages will still have a bounce message sent from the sending server 
and you don't have to worry about your server sending a pile of bounce 
messages to an innocent third party whose email address is being used by 
a spambot.

-- 
Bowie

More information about the clamav-users mailing list