Re: [clamav-users] clamav-milter reject and quarantine?

Am 18.02.2016 um 14:14 schrieb Michael Grant: > Using clamav-milter, is there anyway to reject virus infected messages AND > put them into a quarantine directory? > > The reason I want to do this is that I want to reject virus messages while > the smtp connection is still alive, but after the

Re: [clamav-users] clamav-milter reject and quarantine?

This isn't the place for this debate, but if you accept a message you own it and are compelled to deliver it. If you reject it before the final protocol ". [cr] you can to anything you want with it forensically, but you can't deliver it. The sender still owns it. If people don't accept this

Re: [clamav-users] clamav-milter reject and quarantine?

On 2/18/2016 7:25 PM, Gene Heskett wrote: > On Thursday 18 February 2016 12:48:42 Michael Grant wrote: > >> Then let me be more clear... >> >> I want to reject the message. I do not want the message arriving at >> the recipient. However, the message that is passed to clamd, if this >> is

Re: [clamav-users] clamav-milter reject and quarantine?

On Thursday 18 February 2016 12:48:42 Michael Grant wrote: > Then let me be more clear... > > I want to reject the message. I do not want the message arriving at > the recipient. However, the message that is passed to clamd, if this > is discovered to contain a virus, I want to save that into a

Re: [clamav-users] clamav-milter reject and quarantine?

You could try (man clamd.conf) *LeaveTemporaryFiles BOOL* Do not remove temporary files (for debug purpose). Default: no dp On 2/18/16 9:48 AM, Michael Grant wrote: Then let me be more clear... I want to reject the message. I do not want the message arriving at the recipient.

Re: [clamav-users] clamav-milter reject and quarantine?

Nobody is questioning that - it is the desire to deliver it after rejecting it that is wrong on several levels. For example the sender will get a reject message and the recipient will not know that. dp On 2/18/16 9:48 AM, Noel Jones wrote: It is not a violation of protocol to reject a

Re: [clamav-users] clamav-milter reject and quarantine?

Then let me be more clear... I want to reject the message. I do not want the message arriving at the recipient. However, the message that is passed to clamd, if this is discovered to contain a virus, I want to save that into a file in a directory so that I can come back later and look at it.

Re: [clamav-users] clamav-milter reject and quarantine?

It is not a violation of protocol to reject a message during SMTP, and save a copy for forensic inspection. Be aware it is likely to cause confusion if you later deliver that message. clamav-milter does not currently have a reject+inspect option, but it probably wouldn't be much effort to add.

Re: [clamav-users] clamav-milter reject and quarantine?

On 2/18/16 9:21 AM, Michael Grant wrote: The reason I want to do this is that I want to reject virus messages while >>the smtp connection is still alive, but after the fact, if there was a >>false positive, I'd like to be able to send the message on through anyway >>after the fact. You say here

Re: [clamav-users] clamav-milter reject and quarantine?

I don't want to deliver the message, I want to quarantine it (like put it in a directory somewhere), and then refuse it at the milter/smtp level. There is not a violation of the protocol here. On 18 February 2016 at 17:59, Dennis Peterson wrote: > What you want to do is

Re: [clamav-users] clamav-milter reject and quarantine?

What you want to do is best done using the local mailer and not SMTP. Technically and literally you have accepted the message in your scheme and are therefore responsible for delivery. You can't both send a reject and deliver the mail - it violates the protocol and integrity of the messaging

[clamav-users] clamav-milter reject and quarantine?

Using clamav-milter, is there anyway to reject virus infected messages AND put them into a quarantine directory? The reason I want to do this is that I want to reject virus messages while the smtp connection is still alive, but after the fact, if there was a false positive, I'd like to be able to