[clamav-users] clamav-milter reject and quarantine?
Dennis Peterson
dennispe at inetnw.com
Fri Feb 19 05:56:46 UTC 2016
This isn't the place for this debate, but if you accept a message you own it and
are compelled to deliver it. If you reject it before the final protocol ". [cr]
you can to anything you want with it forensically, but you can't deliver it. The
sender still owns it. If people don't accept this then messaging as we know it
is doomed to mail loops and law suits.
dp
On 2/18/16 5:52 PM, Noel Jones wrote:
> On 2/18/2016 7:25 PM, Gene Heskett wrote:
>> On Thursday 18 February 2016 12:48:42 Michael Grant wrote:
>>
>>> Then let me be more clear...
>>>
>>> I want to reject the message. I do not want the message arriving at
>>> the recipient. However, the message that is passed to clamd, if this
>>> is discovered to contain a virus, I want to save that into a file in a
>>> directory so that I can come back later and look at it.
>>>
>>> Ignore anything about delivering it. That is not pertinent. For all
>>> intents and purposes, the message with a virus is rejected at the SMTP
>>> level before the SMTP connection goes away.
>> You simply can not do both.
> Of course you can reject and quarantine for inspection, but it must
> happen at the internet-facing MTA during the initial SMTP, not later.
>
> The only change required is the infected message is saved to
> quarantine for inspection rather than discarded. The sender still
> receives a 5xx reject notice. Other software can do this already,
> but clamav-milter doesn't offer this feature yet, other than the
> option to save (all) temporary files.
>
>> What you can do is quaranteen it for later
>> inspection so here, I use a procmail recipe to run it thru clamscand,
> Right, it's not possible to reject & quarantine with procmail since
> the message has already been received and it's too late to reject
> it. Reject & quarantine can only be done at the internet facing MTA
> during the initial SMTP, where it's trivial.
>
>
>
> -- Noel Jones
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list