On 2/24/21 9:47 AM, Joe Acquisto-j4 wrote:
Back OT, my post was about dealing with items that have already been processed and are in the posfix HOLD queue, per the action of clamav-milter, waiting for disposition in some way.
Hypothetically, a milter, such as clamav-milter, could say: ```This file looks suspicious, but none of my virus definition lists confirm it. Hold on to this message for a while. Hopefully if it is a bad message / file it's only a matter of time before the virus definition lists are updated with the new signature.
```Thus when someone / something processes the held / quarantined messages, they will find this virus with the updated definition lists and be glad that it was not sent on wards and delivered to an end user.
Aside: I use Sendmail's quarantine capability for messages to / from specific domains. Currently lab domains and two customer domains that forward which were receiving a spate of spam that made it through my filters. So I manually review things to / from the lab or to the customer and release clean messages.
With Sendmail, I unquarantine a message and it simply puts it back in the mail queue for regular processing. Thus messages just spent longer than normal on my mail server. -- I don't know how Postfix does things, but I assume it's conceptually similar.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
