On 2/18/2016 7:25 PM, Gene Heskett wrote:
> On Thursday 18 February 2016 12:48:42 Michael Grant wrote:
> 
>> Then let me be more clear...
>>
>> I want to reject the message.  I do not want the message arriving at
>> the recipient.  However, the message that is passed to clamd, if this
>> is discovered to contain a virus, I want to save that into a file in a
>> directory so that I can come back later and look at it.
>>
>> Ignore anything about delivering it.  That is not pertinent.  For all
>> intents and purposes, the message with a virus is rejected at the SMTP
>> level before the SMTP connection goes away.
> 
> You simply can not do both. 

Of course you can reject and quarantine for inspection, but it must
happen at the internet-facing MTA during the initial SMTP, not later.

The only change required is the infected message is saved to
quarantine for inspection rather than discarded.  The sender still
receives a 5xx reject notice.  Other software can do this already,
but clamav-milter doesn't offer this feature yet, other than the
option to save (all) temporary files.

> What you can do is quarantine it for later 
> inspection so here, I use a procmail recipe to run it thru clamscand, 

Right, it's not possible to reject & quarantine with procmail since
the message has already been received and it's too late to reject
it.  Reject & quarantine can only be done at the internet facing MTA
during the initial SMTP, where it's trivial.



  -- Noel Jones
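
Added example, not part of the original message and not clamav-milter code: a sketch of the end-of-DATA decision described above, where the infected message is written to a quarantine directory before the 5xx reply is returned on the still-open SMTP connection. The function names, the `scan` callable (assumed to return a signature name or `None`), the reply texts and the sample messages are all constructed for illustration.

```python
import hashlib
import os

# Hypothetical names: handle_end_of_data, quarantine and the scan callable are
# illustrative and are not clamav-milter options or APIs.

def quarantine(raw: bytes, qdir: str) -> str:
    """Save the infected message for later inspection; return its path."""
    os.makedirs(qdir, mode=0o700, exist_ok=True)
    path = os.path.join(qdir, hashlib.sha256(raw).hexdigest() + ".eml")
    try:
        # O_EXCL refuses to overwrite or follow an existing name; 0600 keeps
        # the sample readable by the filter's own account only.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return path  # the same message is already in quarantine
    with os.fdopen(fd, "wb") as fh:
        fh.write(raw)
    return path

def handle_end_of_data(raw: bytes, scan, qdir: str):
    """Decide the SMTP reply while the sending connection is still open."""
    try:
        signature = scan(raw)  # assumed contract: None means clean
    except OSError:
        # Scanner down: temp-fail so the sender retries instead of bypassing.
        return (451, "4.7.1 scanner unavailable, try again later")
    if signature is None:
        return (250, "2.0.0 message accepted")
    try:
        quarantine(raw, qdir)
    except OSError:
        pass  # a full or missing quarantine must not let the message through
    return (550, "5.7.1 message rejected, virus found: " + signature)

# Constructed sample input and a stand-in scanner (no real malware involved).
CLEAN = b"From: a@example.org\r\nSubject: hi\r\n\r\nhello\r\n"
INFECTED = b"From: b@example.org\r\nSubject: invoice\r\n\r\nCONSTRUCTED-MARKER\r\n"

def demo_scan(raw: bytes):
    return "Constructed.Test.Signature" if b"CONSTRUCTED-MARKER" in raw else None
```

In a real filter the `scan` callable would hand the message to clamd and the returned code would be sent as the reply to the end of DATA.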