[clamav-users] Structured.CreditCardNumber bounce

Rob McKennon rmckennon at monetra.com
Fri Apr 1 15:48:43 UTC 2016


On 04/01/2016 11:40 AM, Bowie Bailey wrote:
> On 4/1/2016 11:16 AM, Rob McKennon wrote:
>> On 04/01/2016 11:01 AM, Vladislav Kurz wrote:
>>> On Friday 01 of April 2016 Rob McKennon <rmckennon at monetra.com> wrote:
>>>
>>>> Hello,
>>>>
>>>>      One of the reasons we use clamav is to not accept emails with credit
>>>> card numbers.  And it works great to bounce the message back to the
>>>> sender.  However, according to PCI, sending the original message back
>>>> with the same credit card numbers they sent us, is just as bad as them
>>>> sending it to us in the first place.
>>>>
>>>>      Is there a way to tell clamav to send the bounce message with the
>>>> "INFECTED: Heuristics.Structured.CreditCardNumber" data, but NOT include
>>>> the original email?
>>> Hi,
>>>
>>> this is not a setting of clamav itself. It should be configurable in the
>>> SMTP server or its antivirus interface like Amavis. Clamav just decides if
>>> the file is infected or not. It is the SMTP server that decides what is
>>> sent back.
>>>
>> Ah, ok.
>>
>> Thank you for pointing me in the right direction!
>
> On the other hand, you shouldn't be sending bounce messages at all 
> (assuming you are using the correct terminology).  It is much better 
> to reject unwanted emails.
>
> Bounce - Your MTA accepts the message, determines that it's not 
> wanted, and sends a message back to the sender.
>
> Reject - Your MTA determines that the message is not wanted before 
> accepting it from the sending server and returns an error to the 
> sending server.  It is then up to the sending server to determine what 
> to do with the message.
>
> Once your MTA accepts the message, you have no reliable information 
> about the sender of the message.  Any bounce message you send is not 
> guaranteed to go back to the real sender of the message.  This can 
> turn your server into a source of bounceback spam.  It is much better 
> to simply reject the message and let the sender deal with it.  
> Legitimate messages will still have a bounce message sent from the 
> sending server and you don't have to worry about your server sending a 
> pile of bounce messages to an innocent third party whose email address 
> is being used by a spambot.
>
Thanx!  Guess I used the term bounce incorrectly.  After looking at my 
amavisd.conf file, I realized I have:
$final_virus_destiny      = D_REJECT;

So it is properly configured, just not behaving the way we want it to yet.


Rob.
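
The bounce/reject distinction discussed in this thread, as an added example that is not part of the original messages and is not ClamAV or amavisd code: a receiving MTA answers at the end of DATA with a reply that carries only the verdict and echoes nothing from the message. The function names, the reply texts and the sample bodies are constructed, and the simplified Luhn check is an assumption standing in for ClamAV's structured-data heuristic.

```python
import re

SIGNATURE = "Heuristics.Structured.CreditCardNumber"  # name quoted in the thread

# 13-19 digits, optionally separated by single spaces or dashes (simplified).
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Constructed sample bodies; 4111 1111 1111 1111 is a well-known test number.
SAMPLE_BAD = "Please charge my card 4111 1111 1111 1111, thanks."
SAMPLE_OK = "Order 1234 5678 9012 3456 shipped."  # 16 digits, fails Luhn


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def contains_card_number(body: str) -> bool:
    """True if any digit run in the body passes the Luhn check."""
    for match in CANDIDATE.finditer(body):
        if luhn_ok(re.sub(r"[ -]", "", match.group())):
            return True
    return False


def reply_after_data(body: str) -> str:
    """SMTP reply given at end of DATA, before the message is accepted.

    A rejection carries the verdict only. No new mail is generated, so
    nothing is sent to a possibly forged envelope sender, and the card
    number never travels back in a notification.
    """
    if contains_card_number(body):
        return f"554 5.7.1 Message rejected: INFECTED: {SIGNATURE}"
    return "250 2.0.0 Ok: queued"


if __name__ == "__main__":
    print(reply_after_data(SAMPLE_BAD))
    print(reply_after_data(SAMPLE_OK))
```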





