I recently upgraded to ClamAV 0.95.3 and have been grappling with
the new milter.  I understand why it was rewritten, but there's one
aspect of the previous functionality that I really miss.  I'm hoping
there's a way to emulate it (possibly with Sendmail config) and
wonder if anyone has any advice.

Prior to 0.95, I had my clamav-milter configured to quarantine messages
and reject them.  So the sender got a 550 SMTP response, and we got
a copy of the payload they were trying to send.

In 0.95.3, I have the choice to tell the milter to Reject the message
(which results in no quarantine) or to quarantine the message (which
results in sendmail giving the sender a 200 "message accepted"
response).

The problem with this is false positives.  We don't see many FPs
with ClamAV, but we do get them a few times per year.  We don't see
FPs with the main ClamAV databases, but we see a few with the
supplemental signatures from SaneSecurity, for example.

The FP rate is very low, but in the case of an FP it's very helpful
if (1) the sender got a reject so they know the message was not delivered
*and* (2) we have a copy of the payload to look at, diagnose, whitelist,
and possibly report the FP.

Does anyone know a way to make sendmail return a 550 for quarantined
messages?  I'm using Sendmail 8.14.3.

Thanks,

Mark
-- 
Mark Costlow    | Southwest Cyberport | Fax:   +1-505-232-7975
che...@swcp.com | Web:   www.swcp.com | Voice: +1-505-232-7992

abq-strange.com -- Interesting photos taken in Albuquerque, NM
                   Last post: Shoe Pole - 2009-07-07 20:18:22