Andrew Kaplan wrote:
> As a general rule of thumb, what is the oldest a file should be from
> any given day that is in the quarantine directory
> before it should be deleted from the system?

We run a script monthly that compresses anything in the quarantine directory over 31 days old.

$ cat /etc/cron.monthly/md-quarantine-archive
#!/bin/sh
# This archives all MIMEDefang-quarantined email over 31 days old

# archive everything more than 31 days old
find /var/spool/MD-Quarantine -maxdepth 1 -daystart -mtime +31 | xargs tar czvf /var/spool/MD-Quarantine-Archive/31-days-before-`date --iso-8601`.tar.gz

# now delete everything more than 31 days old
find /var/spool/MD-Quarantine -maxdepth 1 -daystart -mtime +31 | xargs rm -rf

exit 0

We've never cleaned out the quarantine archive:

$ ls /var/spool/MD-Quarantine-Archive/
31-days-before-2004-11-01.tar.gz
31-days-before-2004-12-01.tar.gz
31-days-before-2005-01-01.tar.gz
31-days-before-2005-02-01.tar.gz
31-days-before-2005-03-01.tar.gz
31-days-before-2005-04-01.tar.gz
31-days-before-2005-05-01.tar.gz
31-days-before-2005-06-01.tar.gz
31-days-before-2005-07-01.tar.gz
31-days-before-2005-08-01.tar.gz
31-days-before-2005-09-01.tar.gz
31-days-before-2005-10-01.tar.gz
31-days-before-2005-11-01.tar.gz
31-days-before-2005-12-01.tar.gz
31-days-before-2006-01-01.tar.gz
31-days-before-2006-02-01.tar.gz
31-days-before-2006-03-01.tar.gz
31-days-before-2006-04-01.tar.gz
31-days-before-2006-05-01.tar.gz

So we keep things "indefinitely."

I am occasionally tempted to run ClamAV on the quarantine directory prior to archiving, just to make sure that I'm only archiving things that could be useful. But I haven't gone that far yet.

-- 
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com
Software Engineer

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
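
An added example, not part of the original post and not the poster's script: the same archive-then-delete routine written so that entries are removed only after the archive has been written and verified, with null-delimited names and a single tar run. It assumes GNU find, tar and xargs; the function name archive_quarantine is hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes GNU find, tar and xargs.
# archive_quarantine is a hypothetical name.
# usage: archive_quarantine QUARANTINE_DIR ARCHIVE_DIR DAYS
archive_quarantine() (
    src=$1 dest=$2 days=$3
    out="$dest/$days-days-before-$(date +%Y-%m-%d).tar.gz"

    # Quarantined mail may hold private content and live malware:
    # keep the list, the temporary file and the archive owner-only.
    umask 077
    list=$(mktemp) || exit 1

    # -mindepth 1 leaves the quarantine directory itself out of the list;
    # -print0 keeps entry names with spaces or newlines intact.
    ( cd "$src" && find . -mindepth 1 -maxdepth 1 -daystart \
          -mtime +"$days" -print0 ) > "$list" || { rm -f "$list"; exit 1; }

    # Nothing old enough: leave any existing archive untouched.
    [ -s "$list" ] || { rm -f "$list"; exit 0; }

    # Refuse to overwrite an archive written by an earlier run today.
    [ ! -e "$out" ] || { rm -f "$list"; exit 1; }

    # One tar run reads the whole list, so a long list is never split into
    # several runs that would each overwrite the same archive file.
    if tar -czf "$out.tmp" -C "$src" --null -T "$list" &&
       tar -tzf "$out.tmp" > /dev/null
    then
        mv "$out.tmp" "$out" || exit 1
        # Delete only what was archived, and only after verification.
        ( cd "$src" && xargs -0 rm -rf -- < "$list" )
        rm -f "$list"
    else
        rm -f "$out.tmp" "$list"
        exit 1
    fi
)
```

Called from the monthly cron job as archive_quarantine /var/spool/MD-Quarantine /var/spool/MD-Quarantine-Archive 31, a non-zero exit status means nothing was deleted.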