On Sat, 17 Apr 2004, Matthew Seaman wrote: > On Sat, Apr 17, 2004 at 02:00:59PM -0400, Chuck Swiger wrote: > > Warren Block wrote: > > >What do people do for milter logging? A MAILER-DAEMON message for every > > >virus caught by clamav-milter is a little annoying (both to the intended > > >recipient and to postmaster), but I'm hesitant to just discard them. > > clamav-milter logs what it does to syslog very effectively. The > warning messages to postmaster aren't really necessary but for a low > traffic site, they do give you some vicarious pleasure for a while.
My mistake was that in trying to make sure I didn't bounce virus mail to forged From: addresses, I overrode the default clamav-milter flags with just -N (--noreject). This was not the correct option, and not the only option needed. "--quiet --local --outgoing --max-children=50" seems to be more like what was needed. > > Refusing to accept viral mail is the best option if you can; failing that, > > I discard such messages. Frankly, I gave up bouncing viral mail after I > > got tired of answering complaints when someone got a bounce from a > > forgery... I've said elsewhere that it's silly for an antivirus program to trust *any* information in a known virus-generated message. That would include bouncing to the From: address. > Yes -- rejecting the messages at the SMTP DATA stage is the way to go. Which is what is accomplished with clamav-milter, at least with the right combination of flags. 8-) I'd still like some summary logging of the results; if a system has sent a lot of viruses recently, it may be necessary to reject them through access.db, or even at the firewall. -Warren Block * Rapid City, South Dakota USA _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"