On Mon, 9 Nov 2009 13:30:34 -0700
Mark Costlow <che...@swcp.com> replied:
> I recently upgraded to ClamAV 0.95.3 and have been grappling with
> the new milter. I understand why it was rewritten, but there's one
> aspect of the previous functionality that I really miss. I'm hoping
> there's a way to emulate it (possibly with Sendmail config) and
> wonder if anyone has any advice.
>
> Prior to 0.95, I had my clamav-milter configured to quarantine
> messages and reject them. So the sender got a 550 SMTP response, and
> we got a copy of the payload they were trying to send.
>
> In 0.95.3, I have the choice to tell the milter to Reject the message
> (which results in no quarantine) or to quarantine the message (which
> results in sendmail giving the sender a 200 "message accepted"
> response).
>
> The problem with this is false positives. We don't see many FPs
> with ClamAV, but we do get them a few times per year. We don't see
> FPs with the main ClamAV databases, but we see a few with the
> supplemental signatures from SaneSecurity for example.
>
> The FP rate is very low, but in the case of an FP it's very helpful
> if (1) the sender got a reject so they know the message was not
> delivered *and* (2) we have a copy of the payload to look at,
> diagnose, whitelist, and possibly report the FP.
>
> Does anyone know a way to make sendmail return a 550 for quarantined
> messages? I'm using Sendmail 8.14.3.
You don't want to bounce the message, yet you are telling the sender
that it was not delivered. That is inconsistent. Why not simply send a
notice to the email originator that the message was quarantined? That
would be consistent and factually correct.
--
Jerry
ges...@yahoo.com
|::::=======
|::::=======
|===========
|===========
|
Modeling paged and segmented memories is tricky business.
P. J. Denning
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
