Re: [AMaViS-user] Rewrite subject of virus infected mails
Cian,
I was wondering if there's an easy way of getting amavisd-new to
rewrite the subject of virus infected e-mail? I just want to add a
INFECTED tag or something.
...
As far as I know, the $defang_virus = 1 will change the body
so isn't really an option for us.
It does add '***INFECTED*** ' to the Subject by default
for passed infected mail to a local recipient:
%subject_tag_maps_by_ccat = (
CC_VIRUS, [ '***INFECTED*** ' ],
CC_BANNED, undef,
CC_UNCHECKED, sub { [ c('undecipherable_subject_tag') ] },
CC_SPAM,undef,
CC_SPAMMY.',1', sub { ca('spam_subject_tag3_maps') },
CC_SPAMMY, sub { ca('spam_subject_tag2_maps') },
CC_CLEAN.',1', sub { ca('spam_subject_tag_maps') },
);
You may change the text, e.g.:
$subject_tag_maps_by_ccat{+CC_VIRUS} = [ 'WARNING-INFECTED ' ];
This assumes a reasonably recent version of amavisd-new.
Mark
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Rewrite subject of virus infected mails
Cian Davis wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I was wondering if there's an easy way of getting amavisd-new to rewrite the subject of virus infected e-mail? I just want to add a INFECTED tag or something. Our users scream if we bounce any mail on them but most aren't clued in enough to check the headers. Do not bounce viruses, nor deliver them in a normal way. either quarantine them or deliver to a special location that may not be accessed directly except by safe mailers or tools. Changing the subject may help to warn the user, but is helpless if the mailer executes the malicious code. Here is an old example: http://news.zdnet.com/2100-9595_22-516586.html - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Rewrite subject of virus infected mails
On Sun, 22 Jul 2007, mouss wrote: Cian Davis wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I was wondering if there's an easy way of getting amavisd-new to rewrite the subject of virus infected e-mail? I just want to add a INFECTED tag or something. Our users scream if we bounce any mail on them but most aren't clued in enough to check the headers. Do not bounce viruses, nor deliver them in a normal way. either quarantine them or deliver to a special location that may not be accessed directly except by safe mailers or tools. Changing the subject may help to warn the user, but is helpless if the mailer executes the malicious code. Here is an old example: http://news.zdnet.com/2100-9595_22-516586.html But if the user is virus lover, it's his thing if he want the virus to be delivered into his mailbox and in this case he should be noticed, that the message contains a virus. - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Rewrite subject of virus infected mails
Tomas wrote: On Sun, 22 Jul 2007, mouss wrote: Cian Davis wrote: Hi, I was wondering if there's an easy way of getting amavisd-new to rewrite the subject of virus infected e-mail? I just want to add a INFECTED tag or something. Our users scream if we bounce any mail on them but most aren't clued in enough to check the headers. Do not bounce viruses, nor deliver them in a normal way. either quarantine them or deliver to a special location that may not be accessed directly except by safe mailers or tools. Changing the subject may help to warn the user, but is helpless if the mailer executes the malicious code. Here is an old example: http://news.zdnet.com/2100-9595_22-516586.html But if the user is virus lover, it's his thing if he want the virus to be delivered into his mailbox and in this case he should be noticed, that the message contains a virus. Have you tried: $defang_virus = 1; Gary V - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Rewrite subject of virus infected mails
Tomas Macek wrote: But if the user is virus lover, it's his thing if he want the virus to be delivered into his mailbox and in this case he should be noticed, that the message contains a virus. Will said virus lover pay for the consequences when his machine infects the rest of the world? viruses are different than spam. They are digital massive destruction weapons. If user wants to see what's in the message, use a quarantine area that is not accessible via standard mailers (a web interface that shows plain text only?). you can also deliver a sanitized version of the message, but this is a lot of work. - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Rewrite subject of virus infected mails
mouss wrote on 22/07/07 18:20: Will said virus lover pay for the consequences when his machine infects the rest of the world? viruses are different than spam. They are digital massive destruction weapons. I understand the argument against delivering viruses to our users, but they expect their mail to come to them untampered, regardless (or at least the bodies). We can add the tools to let them identify virus infected mails but it's up to them to do whatever. I would just like it clearer that the message is virus-infected. As far as I know, the $defang_virus = 1 will change the body so isn't really an option for us. Regards, Cian Davis - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Rewrite subject of virus infected mails
Cian Davis wrote: mouss wrote on 22/07/07 18:20: Will said virus lover pay for the consequences when his machine infects the rest of the world? viruses are different than spam. They are digital massive destruction weapons. I understand the argument against delivering viruses to our users, but they expect their mail to come to them untampered, regardless (or at least the bodies). We can add the tools to let them identify virus infected mails but it's up to them to do whatever. I would just like it clearer that the message is virus-infected. but you understand that they can get infected without opening the message, right? As far as I know, the $defang_virus = 1 will change the body so isn't really an option for us. If you use maildrop or procmail then you can alter the subject there (formail or reformail). - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Rewrite subject of virus infected mails
Cian wrote: As far as I know, the $defang_virus = 1 will change the body so isn't really an option for us. In one sense it is unchanged. The entire original message is wrapped in a MIME container. The virus is not made safe by defanging. But in another sense you are not getting the original message in its original form. Regards, Cian Davis Gary V - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Rewrite subject of virus infected mails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I was wondering if there's an easy way of getting amavisd-new to rewrite the subject of virus infected e-mail? I just want to add a INFECTED tag or something. Our users scream if we bounce any mail on them but most aren't clued in enough to check the headers. Regards, Cian Davis -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGoL712yUma7R/3b8RAkBJAJ9XUYlMyIwrm3AgL4US/b/qDtARFwCdFP4C Kled1P3dz2tRl+KeuiGOXdw= =wJH9 -END PGP SIGNATURE- - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
