Rob,

> > I'd like to use amavisd-new (2.4.1) to selectively pass viruses by name
> > through to selected mailboxes, without defining them as virus_lovers.

> Even better, is this a reasonable feature request for the next version? I'm
> not really comfortable with ClamAV's proposal to special-case phishing, and
> I think this sort of policy application really belongs in the
> content-filter layer.

Your request makes sense, sounds like a reasonable feature request,
if it turns out that a simple modification to @av_scanners wouldn't
suffice.

> ['ClamAV-clamd',
>    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
>    qr/(\bOK|\.Phishing\.\S+ FOUND)$/, qr/(?!\.Phishing\.)(.*) FOUND$/,
>    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

Seems like a good approach. You should test it, but looks alright.

Btw, have you tried asking the ClamAV folks to make an option to ignore
phishing tests, or whether it is possible to just remove them from a database?


> I can think of a couple of approaches:
> 1. Set up a policy bank that overrides @av_scanners, including:

That is certainly possible, but policy bank switching is done based
on some global attribute of a message, like the client's IP address
or perhaps a sender address. It probably does not address your
need, which would be to ignore a virus test if it says 'phishing'.

As far as I understand it, you don't need a policy bank, just
replace the global setting in @av_scanners.


> 2. Set up quarantine to be delivered to some SMTP destination
> via virus_quarantine_to_maps instead of "local:" and have forwarding rules
> at the quarantine destination handle it. This would probably be more work
> to integrate with our existing stuff (quarantine expiry scripts, etc.)

Probably unnecessary work.

> 3. Just run a cron job that releases the messages I want from quarantine.
> This is what I have now.
>
> At a guess, option 1 would be the least disruptive to the rest of our
> environment, option 2 would be the easiest to extend with more users and
> virus name patterns, and option 3 the simplest to implement, though
> lacking some timeliness of delivery.

I think just modifying a global 'ClamAV-clamd' entry is the least work.

> Am I right in thinking that to use option 1 with Postfix, I'd need proper
> multi-instance and feed mail to amavisd via transport maps rather than
> content_filter to correctly handle multi-recipient mail? And would that
> break XFORWARD (TFM suggests it won't)?

Even if you use policy banks, there is rarely a need to use a dual-instance
setup (one may want it for clarity, but that's up to personal taste).
Usually just an alternative -o content_filter setting on a specific
smtpd service suffices, or a FILTER on a restriction, or just the fact that
a client IP address belongs to mynetworks or not. But as I said, you don't
need policy banks for your goal, unless you want to treat e.g. outgoing mail
differently.

  Mark


_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
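
An added example, not part of the original message and not amavisd-new code: a stand-alone Perl check of the three patterns from the quoted 'ClamAV-clamd' entry against constructed clamd reply lines, showing which patterns match each line. The reply lines and the `$sts_infected_alt` pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Status patterns copied verbatim from the quoted 'ClamAV-clamd' entry.
my $sts_clean    = qr/(\bOK|\.Phishing\.\S+ FOUND)$/;
my $sts_infected = qr/(?!\.Phishing\.)(.*) FOUND$/;
my $get_names    = qr/^.*?: (?!Infected Archive)(.*) FOUND$/;

# Hypothetical alternative (not from the thread): anchor at the "path: "
# prefix so the lookahead is applied to the start of the signature name.
my $sts_infected_alt = qr/^.*?: (?!\S*\.Phishing\.)(.*) FOUND$/;

# Constructed clamd replies; paths and signature names are made up.
my @replies = (
  '/var/amavis/tmp/parts/p001: OK',
  '/var/amavis/tmp/parts/p002: HTML.Phishing.Bank-1 FOUND',
  '/var/amavis/tmp/parts/p003: Worm.Example.A FOUND',
);

# Report which patterns match one reply line and which name is extracted.
sub classify {
  my ($line) = @_;
  my ($name) = $line =~ $get_names;    # undef when the line has no name
  return (
    clean        => ($line =~ $sts_clean        ? 1 : 0),
    infected     => ($line =~ $sts_infected     ? 1 : 0),
    infected_alt => ($line =~ $sts_infected_alt ? 1 : 0),
    name         => (defined $name ? $name : '-'),
  );
}

for my $line (@replies) {
  my %r = classify($line);
  printf "%s\n  clean=%d infected=%d infected_alt=%d name=%s%s\n",
    $line, @r{qw(clean infected infected_alt name)},
    ($r{clean} && $r{infected}) ? '  <-- clean and infected both match' : '';
}
```

On the phishing line the quoted clean and infected patterns both match, because the unanchored lookahead is satisfied at the start of the line; which status results then depends on the order in which amavisd tests the two patterns, which this script does not model.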
