Dear all,
I'm currently running clamav + amavisd-new for some time, and having read
through the arguments on notification here:-
http://lists.clamav.net/lurker/thread/20040922.180416.24842818.en.html
I decided to enforce this notification policy in amavisd-new (slight
modification from
On Tuesday 21 September 2004 06:39 pm, Damian Menscher wrote:
Why? Since all you achieve with rejects is indirectly causing a lot of
virus bounces to appear at innocent bystanders.
No, you also guard against false positives.
exactly. If the remote sender is sending a legitimate file that
Hi
Why? Since all you achieve with rejects is indirectly causing a lot of
virus bounces to appear at innocent bystanders.
NO.
Virii are usually send directly from the virus and the virus will not send
bounces... :D
However, if a virus can send through an SMTP server, that server needs to be
Steffen wrote:
Hi
Why? Since all you achieve with rejects is indirectly
causing a lot of
virus bounces to appear at innocent bystanders.
NO.
Virii are usually send directly from the virus and the virus
will not send bounces... :D However, if a virus can send
through an SMTP server,
On Tue, 21 Sep 2004 15:21:22 -0400 in [EMAIL PROTECTED] Ryan
Moore [EMAIL PROTECTED] wrote:
Brian Morrison wrote:
You need to do something appropriate to sendmail.cf or the milter
configuration (which I know nothing about I'm afraid) to do this.
This is not something that can be
On Wednesday 22 September 2004 04:10 am, Randal, Phil wrote:
Why? Since all you achieve with rejects is indirectly
causing a lot of
virus bounces to appear at innocent bystanders.
NO.
Virii are usually send directly from the virus and the virus
will not send bounces... :D However,
On Tue, Sep 21, 2004 at 06:39:25PM -0500, Damian Menscher wrote:
On Wed, 22 Sep 2004, Jan Pieter Cornet wrote:
On Mon, Sep 20, 2004 at 04:26:40PM -0700, [EMAIL PROTECTED]
wrote:
It is perfectly acceptable to place an explanatory message in an SMTP
REJECT message.
Acceptable, maybe, but I
On Wed, 22 Sep 2004, Jan Pieter Cornet wrote:
On Tue, Sep 21, 2004 at 06:39:25PM -0500, Damian Menscher wrote:
As a riposte: I'm not alone in this, far from it, actually. A similar
request was recently issued by virusalert.nl, a dutch organisation
on virus prevention.
See
Simple solution to the question of whether to send a notice:
You know what virus was detected. You know whether it's a mass-mailer
or something else. (starts with Worm., ends with @mm, a few specific others)
Based on that, you can decide whether to reject it or discard it.
--
Kelson Vibber
Damian Menscher wrote:
Maybe I'm missing something, but they're not talking about not
rejecting. They're talking about not bouncing (sending out non-delivery
notifications in response to EVERY virus). There's a huge difference. I
think you'd be hard-pressed to find a legitimate company
As a riposte: I'm not alone in this, far from it, actually. A similar
request was recently issued by virusalert.nl, a dutch organisation
on virus prevention.
See http://www.virusalert.nl/?show=nieuwsid=559
I attempted to use the Fish to translate, and looked at their little
picture of the
On Wed, 22 Sep 2004, Kelson wrote:
Simple solution to the question of whether to send a notice:
You know what virus was detected. You know whether it's a mass-mailer or
something else. (starts with Worm., ends with @mm, a few specific others)
Based on that, you can decide whether to reject it
On Wed, 22 Sep 2004, Matt wrote:
The easiest way to distinguish this is if you are scanning the mail AFTER
you have accepted delivery of the email, then discard, do not bounce.
However, if you are filtering before accepting the email, then reject.
Agreed. If you're filtering your mail after it
Le Mon 20/09/2004, Steffen Heil disait
However, if you do such things, PLEASE only send a notification to the
intended user, NOT to the author. This would cause lot of collateral damage.
And ONLY if the intended recipient is a local one...
--
Erwan David
On 9/20/2004 11:45 PM +0200, Jonathan Pitcher wrote:
We have Clam Av installed and running. It is blocking virus e-mails
but is not generating any notification.
Is it possible to send a message onto the user that they had an e-mail
blocked? Or to an admin stating that [EMAIL PROTECTED] had a
On Monday 20 Sep 2004 22:45, Jonathan Pitcher wrote:
We have Clam Av installed and running. It is blocking virus e-mails
but is not generating any notification.
Is it possible to send a message onto the user that they had an e-mail
blocked? Or to an admin stating that [EMAIL PROTECTED] had
Nigel Horne wrote:
On Monday 20 Sep 2004 22:45, Jonathan Pitcher wrote:
Is it possible to send a message onto the user that they had an
e-mail blocked? Or to an admin stating that [EMAIL PROTECTED] had a virus
sent to them?
Yes it is, though the first option is not advisable. You can find
On Tue, 21 Sep 2004 08:44:45 -0700 in
[EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
If there is no way to do this currently, can I submit this as a
feature request for clamav-milter?
But as you have already been told, it is up to the MTA to do this.
When Exim passes incoming mail through clamd
On Tuesday 21 Sep 2004 16:44, [EMAIL PROTECTED] wrote:
Nigel Horne wrote:
On Monday 20 Sep 2004 22:45, Jonathan Pitcher wrote:
Is it possible to send a message onto the user that they had an
e-mail blocked? Or to an admin stating that [EMAIL PROTECTED] had a virus
sent to them?
Yes
On Mon, Sep 20, 2004 at 04:26:40PM -0700, [EMAIL PROTECTED] wrote:
It is perfectly acceptable to place an explanatory message in an SMTP
REJECT message.
Acceptable, maybe, but I believe it's better to simply discard all
viruses.
Why? Since all you achieve with rejects is indirectly causing a
On Wed, 22 Sep 2004, Jan Pieter Cornet wrote:
On Mon, Sep 20, 2004 at 04:26:40PM -0700, [EMAIL PROTECTED] wrote:
It is perfectly acceptable to place an explanatory message in an SMTP
REJECT message.
Acceptable, maybe, but I believe it's better to simply discard all
viruses.
And most sane people
Brian Morrison wrote:
You need to do something appropriate to sendmail.cf or the milter
configuration (which I know nothing about I'm afraid) to do this.
This is not something that can be configured in clamav AFAICS.
He was referring to the clamav-milter, which *does* hook clamav into
sendmail,
We have Clam Av installed and running. It is blocking virus e-mails
but is not generating any notification.
Is it possible to send a message onto the user that they had an e-mail
blocked? Or to an admin stating that [EMAIL PROTECTED] had a virus sent to
them?
Thanks in advance.
Hi
We have Clam Av installed and running. It is blocking virus e-mails but
is not generating any notification.
Right. clamav is just a virus scanner. It's sole purpose is to detect virii.
So, how are you passing your mails to clamav? That component or your mail
server could do that.
However,
Jonathan Pitcher wrote:
Is it possible to send a message onto the user that they had an e-mail
blocked? Or to an admin stating that [EMAIL PROTECTED] had a virus sent to
them?
http://www.mailscanner.info
--
/Peter Bonivart
--Unix lovers do it in the Sun
Steffen Heil wrote:
Hi
We have Clam Av installed and running. It is blocking virus e-mails
but
is not generating any notification.
... PLEASE only send a notification to the
intended user, NOT to the author. This would cause lot of
collateral damage.
With one caveat.
It is perfectly
On Mon, 20 Sep 2004, Jonathan Pitcher wrote:
Is it possible to send a message onto the user that they had an e-mail
blocked? Or to an admin stating that [EMAIL PROTECTED] had a virus sent to
them?
Yes.
It is also a bad idea.
Since most viruses forge the From: address, you will not be
Christopher X. Candreva said:
On Mon, 20 Sep 2004, Jonathan Pitcher wrote:
Is it possible to send a message onto the user that they had an e-mail
blocked? Or to an admin stating that [EMAIL PROTECTED] had a virus sent to
them?
Yes.
It is also a bad idea.
Since most viruses forge the
With one caveat.
It is perfectly acceptable to place an explanatory message in an SMTP
REJECT message.
Something like
EHLO (hi)
MAIL FROM (ok)
RCPT TO (ok)
DATA (can't accept for delivery, contains the EICAR virus!)
If the mail is being sent by a virus, the virus will usually just give
29 matches
Mail list logo