[clamav-users] Clamav-milter finds postive, goes to hold queue
Grant Taylor
gtaylor at tnetconsulting.net
Wed Feb 24 17:12:35 UTC 2021
On 2/24/21 9:47 AM, Joe Acquisto-j4 wrote:
> Back OT, my post was about dealing with items that have already
> been processed and are in the posfix HOLD queue, per the action of
> clamav-milter, waiting for disposition in some way.
Hypothetically, a milter, such as clamav-milter, could say:
```
This file looks suspicious, but none of my virus definition lists
confirm it. Hold on to this message for a while. Hopefully if it is a
bad message / file it's only a matter of time before the virus
definition lists are updated with the new signature.
```
Thus when someone / something processes the held / quarantined messages,
they will find this virus with the updated definition lists and be glad
that it was not sent on wards and delivered to an end user.
Aside: I use Sendmail's quarantine capability for messages to / from
specific domains. Currently lab domains and two customer domains that
forward which were receiving a spate of spam that made it through my
filters. So I manually review things to / from the lab or to the
customer and release clean messages.
With Sendmail, I unquarantine a message and it simply puts it back in
the mail queue for regular processing. Thus messages just spent longer
than normal on my mail server. -- I don't know how Postfix does
things, but I assume it's conceptually similar.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210224/2bf92212/attachment.bin>
More information about the clamav-users
mailing list