Hi everybody.
Thanks to Amavis, most of the malware received by my MX is blocked either
because they are known viruses, or because they are banned parts.
I block all the MS executables. The net result is that most of the time
banned message do are undetected viruses, but occasionally they of course
are legit files (software upgrades and the like).
I worked on the recipient message template for banned messages in order to
put there a link to an http page which allows releasing the message. That
page even involves clamd to see if some content of the banned message had
been meanwhile reported as a virus. This also lets me disable releasing a
message by (manually) accessing the banned part or file and using ClamAV's
sigtool to locally mark the content as a virus.
Everything works quite well and I'm satisfied.
But I would like to go a bit further automating some checks I'm used to do
when a message gets banned.
I would like to:
1) administratively invoke the ClamAV's sigtool on a banned
part/file;
2) allow users to automatically invoke a VirusTotal scan on the
banned part(s)/file(s).
In order to do this, I need access to the banned part or file. At first, I
was thinking of somehow "replicate" the job amavis do in decoding a message.
I see however that amavis does really a good job in this, such that it seems
to me that it could be difficult (and possibly unreliable) to replicate. Not
even to mention the waste of cpu cycles in "duping" this feature. Or even
the fact that duping this feature outside would probably imply having two
configuration points which may easily "get apart"...
So, is there a way to have amavis kindly "share" these banned contents? Or
the only way we have is to re-decode a message?
Regards,
Giampaolo
------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share
of $1 Million in cash or HP Products. Visit us here for more details:
http://p.sf.net/sfu/dev2dev-palm
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
Please visit http://www.ijs.si/software/amavisd/ regularly
For administrativa requests please send email to rainer at openantivirus dot
org
