Tim Janes wrote:
>
> Hi,
>
> I run a small company email gateway that handles about 2500 email per day,
> qmail-scanner has worked brilliantly for a couple of years, usually
> finding 1 or 2 virus per day.
>
> However during the last week 2 of our users have been getting a large
> volume of Gibe/F virus, one user in excess of 350 per day , the other
> around 50 per day.
>
> Some of the emails are to both so presumably the source is related. I have
> looked at the sending IP numbers to see if I can block at that level but
> there are dozens.
>
> The only thing I can thick of doing is to extend the idea of silent_virus
> so that I can specify soming like
>
> if (($virus = "gibe") && ($recip = "problem.user")) {
> silently junk without any notification to anyone
> }
I've never been able to figure out why anyone would want to notify the
recipient anyway. I turn that off on my copy of qmail-scanner. My users
don't want to know that they almost received a virus. They just don't
want to receive it in the first place.
As for not notifying admin via email, yes, that's a great idea. I just
turn off notifications to admin (but keep notifications to the sender):
--notify sender
And turn on logging:
--log-details syslog
And now I don't receive 1000 virus notification emails a day anymore.
You can use something like swatch:
http://swatch.sourceforge.net/
To monitor your virus logs and send emails or perform other actions (like paging
you) when something really important happens, like an internal user sending
a virus to your mail server.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
