On 04/01/2016 11:40 AM, Bowie Bailey wrote:
On 4/1/2016 11:16 AM, Rob McKennon wrote:
On 04/01/2016 11:01 AM, Vladislav Kurz wrote:
On Friday 01 of April 2016 Rob McKennon <rmcken...@monetra.com> wrote:
Hello,
One of the reasons we use clamav is to not accept emails with
credit
card numbers. And it works great to bounce the message back to the
sender. However, according to PCI, sending the original message back
with the same credit card numbers they sent us, is just as bad as them
sending it to us in the first place.
Is there a way to tell clamav to send the bounce message with the
"INFECTED: Heuristics.Structured.CreditCardNumber" data, but NOT
include
the original email?
Hi,
this is not setting of clamav itself. It should be configurable in
SMTP server
or its antivirus interface like Amavis. Clamav just decides if the
file is
infected or not. It is the SMTP server that decides what is sent back.
Ah, ok.
Thank you for pointing me in the right direction!
On the other hand, you shouldn't be sending bounce messages at all
(assuming you are using the correct terminology). It is much better
to reject unwanted emails.
Bounce - Your MTA accepts the message, determines that it's not
wanted, and sends a message back to the sender.
Reject - Your MTA determines that the message is not wanted before
accepting it from the sending server and returns an error to the
sending server. It is then up to the sending server to determine what
to do with the message.
Once your MTA accepts the message, you have no reliable information
about the sender of the message. Any bounce message you send is not
guaranteed to go back to the real sender of the message. This can
turn your server into a source of bounceback spam. It is much better
to simply reject the message and let the sender deal with it.
Legitimate messages will still have a bounce message sent from the
sending server and you don't have to worry about your server sending a
pile of bounce messages to an innocent third party whose email address
is being used by a spambot.
Thanx! Guess I used the term bounce incorrectly. After looking at my
amavisd.conf file, I realized I have:
$final_virus_destiny = D_REJECT;
So it is properly configured, just not behaving the way we want it to yet.
Rob.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
