Kevin A. McGrail wrote:
> Hello All,
>
> I'd like to send an email with virus notification for recipients
> internally (NOT for Senders) as we have had a few instances where
> something important was stripped.
> ...
> My hopes is that this will essentially just send a simple note to a
> user that they would have received a virus but now they are just
> receiving this little email. Can anyone confirm or recommend a
> better solution?
What we do is:
Run clamav - if a virus is found, reject delivery. Real viruses don't generate
undeliverable reports to the sender. Legitimate mail senders usually do.
Do an extension analysis - if the file still looks dangerous (but isn't a
recognized virus), we quarantine the attachment and replace it with a
warning#.txt containing a customized message. Most of the time the thing
really was dangerous and that's the last we hear of it. The 1% of the time
that the thing was really good, the user reads the customized message. The
message says how to get the thing out of quarantine - namely, forward the
message to the helpdesk. The message also includes a command line that the
helpdesk can copy/paste into a command prompt. This scp's the attachment out
of quarantine.
The helpdesk can then eyeball the attachment to make sure the user isn't off
base, as has happened. (Yes, I've had people request that viral things be
pulled out of quarantine... *sigh*) If it looks good, the helpdesk replies to
the original user and attaches the now unquarantined attachment.
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
