[clamav-users] clamav-milter reject and quarantine?
Noel Jones
njones at megan.vbhcs.org
Fri Feb 19 01:52:05 UTC 2016
On 2/18/2016 7:25 PM, Gene Heskett wrote:
> On Thursday 18 February 2016 12:48:42 Michael Grant wrote:
>
>> Then let me be more clear...
>>
>> I want to reject the message. I do not want the message arriving at
>> the recipient. However, the message that is passed to clamd, if this
>> is discovered to contain a virus, I want to save that into a file in a
>> directory so that I can come back later and look at it.
>>
>> Ignore anything about delivering it. That is not pertinent. For all
>> intents and purposes, the message with a virus is rejected at the SMTP
>> level before the SMTP connection goes away.
>
> You simply can not do both.
Of course you can reject and quarantine for inspection, but it must
happen at the internet-facing MTA during the initial SMTP, not later.
The only change required is the infected message is saved to
quarantine for inspection rather than discarded. The sender still
receives a 5xx reject notice. Other software can do this already,
but clamav-milter doesn't offer this feature yet, other than the
option to save (all) temporary files.
> What you can do is quaranteen it for later
> inspection so here, I use a procmail recipe to run it thru clamscand,
Right, it's not possible to reject & quarantine with procmail since
the message has already been received and it's too late to reject
it. Reject & quarantine can only be done at the internet facing MTA
during the initial SMTP, where it's trivial.
-- Noel Jones
More information about the clamav-users
mailing list