> Citeren Joe Acquisto-j4 <j...@j4computers.com>: > >> Another question from the peanut gallery (a kids TV show reference from >> the 1950's. Which should tell you something) . . . >> >> With a local test email EICAR is detected and fed back to postfix. >> Ends up in hold queue as you would expect as >> per below as /var/log/mail says: (snipped) >> >> "postfix/cleanup[18137]: 686483954B: milter-hold: END-OF-MESSAGE >> from localhost[127.0.0.1]: milter triggers HOLD action; from=" >> >> Probably this is a postifx thing, and I need to deal with that but, >> just for a sanity check (always a treat) is there something in >> /etc/clamav-milter.conf >> or elsewhere on the clamav side that can that behavior (while >> preserving the email for further disposition that is)? >> >> Just FYI at this point, wisp of idea is to process the hold queue >> (given the milter hold action will not change), >> alter the subject line per the "X-Virus-Status: Infected" text in >> the header and forward it on to the user, >> generally me. > > You probably want to lookup how to process messages from the HOLD > queue in Postfix. >
Strikes me my first thought may be a poor choice. Wondering now what people generally do with infected mail? That is, is there a general consensus? Would it be "safe" (for the systems) to simply send the mail through, to the end use and merely tag the subject line with "Virus Detected" as SPAM messages are done? Send them to a quarantine mailbox for human review? Notify an administrator there is email being "held"? joe a. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
