Re: [clamav-users] clamav-milter reject and quarantine?

Thu, 18 Feb 2016 21:57:49 -0800

This isn't the place for this debate, but if you accept a message you own it and are compelled to deliver it. If you reject it before the final protocol ". [cr] you can to anything you want with it forensically, but you can't deliver it. The sender still owns it. If people don't accept this then messaging as we know it is doomed to mail loops and law suits. 

dp

On 2/18/16 5:52 PM, Noel Jones wrote:

On 2/18/2016 7:25 PM, Gene Heskett wrote:

On Thursday 18 February 2016 12:48:42 Michael Grant wrote:


Then let me be more clear...

I want to reject the message.  I do not want the message arriving at
the recipient.  However, the message that is passed to clamd, if this
is discovered to contain a virus, I want to save that into a file in a
directory so that I can come back later and look at it.

Ignore anything about delivering it.  That is not pertinent.  For all
intents and purposes, the message with a virus is rejected at the SMTP
level before the SMTP connection goes away.

You simply can not do both.

Of course you can reject and quarantine for inspection, but it must
happen at the internet-facing MTA during the initial SMTP, not later.

The only change required is the infected message is saved to
quarantine for inspection rather than discarded.  The sender still
receives a 5xx reject notice.  Other software can do this already,
but clamav-milter doesn't offer this feature yet, other than the
option to save (all) temporary files.


What you can do is quaranteen it for later
inspection so here, I use a procmail recipe to run it thru clamscand,

Right, it's not possible to reject & quarantine with procmail since
the message has already been received and it's too late to reject
it.  Reject & quarantine can only be done at the internet facing MTA
during the initial SMTP, where it's trivial.



   -- Noel Jones
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to