Re: [AMaViS-user] Stripping attachments
Thank you for taking the time to completely and thoroughly answer my questions. Cheers, Gordon Mark Martinec wrote: Gordon, Is it possible to strip an attachment in the case of $final_banned_destiny with other Amavisd-NEW options so that the attachment is saved to, say, /var/virusmails, and still the original email text is delivered to the user's mailbox with a notification that the executable attachment has been stripped and quarantined? No, this is currently not possible nor planned for immediate future. Oh, I think I see what you mean - by using the info included here? http://www.ijs.si/software/amavisd/README.customize.txt Which of these options do you think would give me what I'm looking for? The most you can get with using a built-in macro processor is to include the full mail header (macro %H), which is not exactly what you need. Mail body is not available through macros, one reason is that it is not stored in memory. One approach would be to modify sub defanged_mime_entity() to re-assemble a replacement MIME::Entity object out of original mail, based on some filtering rules. Some people have modified the source code to pass the email.txt to altermime and to forward to recipients its results. While tricks like that are certainly possible and not too difficult to implement, these are currently just more or less successful experiments. A quarantine management GUI may offer ability to let recipient look into his quarantined message, and only display plain text parts. may I suggest this functionality be included in future revs of the product? I know that other Anti-SPAM/VIRUS/BLOCKED utilities have this capability and it just seems like another nicety to add to an already very nice tool. You may suggest, but it is way down on a priority list. Adding such functionality is another can of worms / a project all in itself. Amavis* project(s) so far stayed on the position that a mail body should not be changed apart from some added/edited header fields (partly because we don't want to be culpable when something goes wrong). While I did give-in somewhat when I introduced a simple form of 'mail defanging' (wrapping a message/rfc822 MIME container around original mail in certain cases), I have no immediate plans to refine/extend such functionality. Stripping away MIME parts may have some niche use, but as a general approach I believe it is less useful than may appear at a first glance. Mark --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Stripping attachments
Gordon, Is it possible to strip an attachment in the case of $final_banned_destiny with other Amavisd-NEW options so that the attachment is saved to, say, /var/virusmails, and still the original email text is delivered to the user's mailbox with a notification that the executable attachment has been stripped and quarantined? No, this is currently not possible nor planned for immediate future. Oh, I think I see what you mean - by using the info included here? http://www.ijs.si/software/amavisd/README.customize.txt Which of these options do you think would give me what I'm looking for? The most you can get with using a built-in macro processor is to include the full mail header (macro %H), which is not exactly what you need. Mail body is not available through macros, one reason is that it is not stored in memory. One approach would be to modify sub defanged_mime_entity() to re-assemble a replacement MIME::Entity object out of original mail, based on some filtering rules. Some people have modified the source code to pass the email.txt to altermime and to forward to recipients its results. While tricks like that are certainly possible and not too difficult to implement, these are currently just more or less successful experiments. A quarantine management GUI may offer ability to let recipient look into his quarantined message, and only display plain text parts. may I suggest this functionality be included in future revs of the product? I know that other Anti-SPAM/VIRUS/BLOCKED utilities have this capability and it just seems like another nicety to add to an already very nice tool. You may suggest, but it is way down on a priority list. Adding such functionality is another can of worms / a project all in itself. Amavis* project(s) so far stayed on the position that a mail body should not be changed apart from some added/edited header fields (partly because we don't want to be culpable when something goes wrong). While I did give-in somewhat when I introduced a simple form of 'mail defanging' (wrapping a message/rfc822 MIME container around original mail in certain cases), I have no immediate plans to refine/extend such functionality. Stripping away MIME parts may have some niche use, but as a general approach I believe it is less useful than may appear at a first glance. Mark --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Stripping attachments
Are you an Amavisd-NEW developer? If so, may I suggest this functionality be included in future revs of the product? I know that other Anti-SPAM/VIRUS/BLOCKED utilities have this capability and it just seems like another nicety to add to an already very nice tool. Cheers, Michael Scheidell wrote: I don't think you can get the whole message but, but the default is to send the recipient a notification with subject line, sender and name of attachment. Other than that, it would take some custom programming to pass it through a mimestripper (which isn't above possibility, and might be done with the use of an email box for quarantine destination) -- Gordon Thagard, UNIX Systems Administrator FAMU-FSU College of Engineering Communications Multimedia Services 2525 Pottsdammer Street, Suite A332-L Tallahassee, FL 32310-6046 V: (850) 410-6449 F: (850) 410-6484 M: (850) 443-4220 --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
