Ronald Vazquez NLM wrote: > Hello: > > I have been tasked with configuring MIMEDefang to allow a virus to come in thr u the first instance, tag it with X-RrestrictedAttachment to allow our virus sca nner to process it. The idea is that once Trend Micro drops the attachment, we can scan the body with the second instance of MD and drop the virus notification . > > Why? There are some extensions that even though they are stripped, we do noti fy our users of the action so they can take appropriate action. This means that we only want to stop notifications for uncleanable attachments. > > Do anybody know a better way to accomplish this? The goal is to avoid notifyi ng our users of every virus-infected email we drop while still notifying them ab out a VBA file they were waiting for. > > Thanks in advance, > Ronald Vazquez Ronald,
Answer from Alan Premselaar: It seems to me that because of the nature of most of today's viruses, you don't want to send any notifications if they tested positive. Since often the sender is forged, it's generally a bad idea to notify the sender. Since it's a virus, it's not usually something expected by the recipient anyways, so the notification only adds noise to the end-user's mailbox. in the case of a VBA file that gets quarantined or rejected, etc. that could be caught with the bad_filename routines (not necessarily a virus) and you could choose to make notifications seperate for those than your virus handling. ALthough I would still caution that rejected bad_filenames will also hit potential virus attachments and still cause noise down the line. As a matter of policy, I reject (550 SMTP reject) any virus infected or bad_filename emails. if there's a legitimate user at the other end, they'll get notification of the failure. if there isn't, the noise should be minimal. hope this is helpful alan _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang New question: Alan: Thank you for the answer. My problem is that I have to follow procedure and and let the virus come in on port 25, tag it, hopefully Trend Micro will do it's job by deleting the virus, we will then scan the body, look for the tag and MD will suppress the tagged email notification at 10025 when. I am looking for help in writting a filter that would allow this action. Now, how could I accomplish what I just described? Thanks in advance Ronald Vazquez _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
