Jack wrote: > Hi, > Our security team wants to use the following logic for Virus > Notifications and I haven't quite figured out how to do it inside of > Amavisd. The logic is:
> *) Alert the virus admin any messages sent to security@ (It may be > acceptable to send notification to the destination instead/also). I think $warnvirusrecip is about as close as you are going to get without modifying code. > *) Alert all recipients for any viruses that do not spoof e-mail > addresses ( alert on "uncommon" viruses, word macros, etc - but don't > alert on MyTob, etc.) You would need a table (@viruses_that_fake_sender_maps) of the name of every virus (for your particular virus scanner) that does spoof addresses (this would have to be maintained on a daily basis). Then you would have to assume that none of the ones that don't will never fake an address (assumption). Then you would need to change some code to only send notification if the virus was not in the table (similar to what $final_virus_destiny = D_BOUNCE; does now). I think $warnvirusrecip is about as close as you are going to get without modifying code. > *) Alert the virus administrator to all viruses sent from internal hosts. http://marc.theaimsgroup.com/?l=amavis-user&m=112985081119781&w=2 > Is there the equivalent of score sender maps for virus alerts? With @virus_admin_maps you could set a different virus_admin for each and every recipient (they could even be their own virus_admin), but other than that, I don't see the correlation. > Thanks in advance for any pointers. > ---Jack My 0.2 (and probably not worth that) Gary V ------------------------------------------------------- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
