Giampaolo,
> I'm using amavis 2.5.2 and my current setup blocks any banned content,
> notifying the mail recipient about that.
>
> This is mostly fine, but when a new trojan, not yet detected either by
> clamav and bitdefender, starts to be received. Most of the times, these
> mails earn a spam score well above kill level, but since their content is
> also banned and CC_BANNED > CC_SPAM, they are quarantined AND the recipient
> gets notified.
>
> Now, I would prefer to silently kill them and I was wondering if this can
> be simply accomplished by changing the "contents_category constants"
> (approx @ lines 187 to 196 in amavisd), such that CC_BANNED < CC_SPAM.
>
> I would basically change this:
> sub CC_CATCHALL() { 0 }
> sub CC_CLEAN () { 1 }
> sub CC_MTA () { 2 }
> sub CC_OVERSIZED() { 3 }
> sub CC_BADH () { 4 }
> sub CC_SPAMMY() { 5 }
> sub CC_SPAM () { 6 }
> sub CC_UNCHECKED() { 7 }
> sub CC_BANNED() { 8 }
> sub CC_VIRUS () { 9 }
> to this:
> sub CC_CATCHALL() { 0 }
> sub CC_CLEAN () { 1 }
> sub CC_MTA () { 2 }
> sub CC_OVERSIZED() { 3 }
> sub CC_BADH () { 4 }
> sub CC_SPAMMY() { 5 }
> sub CC_BANNED() { 6 }
> sub CC_SPAM () { 7 }
> sub CC_UNCHECKED() { 8 }
> sub CC_VIRUS () { 9 }
>
> This way CC_BANNED would be 6, while CC_SPAM would be 7, thereby CC_BANNED
> < CC_SPAM and a non-virus spam mail would be killed regardless of its
> "banny" content.
>
> Is this enough? Is there any side-effect which I must account of?
There is one catch there: notification and log templates depend on
the hard-wired order of these numbers, e.g.
in admin notification:
Subject: [? [:ccat|major] |Clean mail|Clean mail|MTA-blocked mail|\
OVERSIZED mail|INVALID HEADER in mail|spam|SPAM|UNCHECKED contents in mail|\
BANNED contents (%F) in mail|VIRUS (%V) in mail]\
in sender notification:
Subject: [? [:ccat|major]
|Clean message from you\
|Clean message from you\
|Clean message from you (MTA blocked)\
|OVERSIZED message from you\
|BAD-HEADER in message from you\
|SPAM apparently from you\
|SPAM apparently from you\
|A message with UNCHECKED contents from you\
|BANNED message from you (%F)\
|VIRUS in message apparently from you (%V)\
]
and elsewhere where macro ccat is used in templates.
The program code itself should be fine regardless of the order
of CC_* constants.
So it is doable, but is not trivial to catch and fix all the uses
in templates which depend on the order of categories.
Instead, for most cases it should suffice to keep the
dsn_cutoff_level values reasonably low. If such new undetected
viruses would collect enough spam points to exceed the cutoff level
(even if it were also blocked as banned), the non-delivery notification
would be suppressed due to high spam score.
Mark
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
