Re: Milter Logging
On Sat, 17 Apr 2004, Matthew Seaman wrote:

> On Sat, Apr 17, 2004 at 02:00:59PM -0400, Chuck Swiger wrote:
> > Warren Block wrote:
> > >What do people do for milter logging? A MAILER-DAEMON message for every
> > >virus caught by clamav-milter is a little annoying (both to the intended
> > >recipient and to postmaster), but I'm hesitant to just discard them.
>
> clamav-milter logs what it does to syslog very effectively. The
> warning messages to postmaster aren't really necessary but for a low
> traffic site, they do give you some vicarious pleasure for a while.

My mistake was that in trying to make sure I didn't bounce virus mail to forged From: addresses, I overrode the default clamav-milter flags with just -N (--noreject). This was not the correct option, and not the only option needed. "--quiet --local --outgoing --max-children=50" seems to be more like what was needed.

> > Refusing to accept viral mail is the best option if you can; failing that,
> > I discard such messages. Frankly, I gave up bouncing viral mail after I
> > got tired of answering complaints when someone got a bounce from a
> > forgery...

I've said elsewhere that it's silly for an antivirus program to trust *any* information in a known virus-generated message. That would include bouncing to the From: address.

> Yes -- rejecting the messages at the SMTP DATA stage is the way to go.

Which is what is accomplished with clamav-milter, at least with the right combination of flags. 8-)

I'd still like some summary logging of the results; if a system has sent a lot of viruses recently, it may be necessary to reject them through access.db, or even at the firewall.

-Warren Block * Rapid City, South Dakota USA
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
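Added example, not part of the thread and not code from clamav-milter or sendmail: one way to build the per-host summary asked for in the message above, by joining each milter reject line to the relay logged under the same queue ID. The log lines are constructed and their layout is an assumption about how sendmail and clamav-milter write to syslog; `summarize`, `access_candidates` and the threshold are hypothetical names and values.

```python
import re
from collections import Counter

# Constructed sample lines in an ASSUMED sendmail/clamav-milter syslog layout;
# adjust the three patterns below to match what your own maillog contains.
SAMPLE_LOG = """\
Apr 17 14:00:01 mx sm-mta[401]: i3HI01aa000401: from=<a@example.com>, relay=host-a.example.net [192.0.2.10]
Apr 17 14:00:02 mx sm-mta[401]: i3HI01aa000401: Milter: data, reject=554 5.7.1 virus Worm.Sample.A detected by ClamAV
Apr 17 14:03:10 mx sm-mta[402]: i3HI03bb000402: from=<b@example.com>, relay=host-a.example.net [192.0.2.10]
Apr 17 14:03:11 mx sm-mta[402]: i3HI03bb000402: Milter: data, reject=554 5.7.1 virus Worm.Sample.A detected by ClamAV
Apr 17 14:05:40 mx sm-mta[403]: i3HI05cc000403: from=<c@example.com>, relay=[192.0.2.10]
Apr 17 14:05:41 mx sm-mta[403]: i3HI05cc000403: Milter: data, reject=554 5.7.1 virus Worm.Sample.B detected by ClamAV
Apr 17 14:07:00 mx sm-mta[404]: i3HI07dd000404: from=<d@example.org>, relay=mail.example.org [198.51.100.7]
Apr 17 14:07:01 mx sm-mta[404]: i3HI07dd000404: Milter: data, reject=554 5.7.1 virus Worm.Sample.A detected by ClamAV
Apr 17 14:09:00 mx sm-mta[405]: i3HI09ee000405: from=<e@example.net>, relay=clean.example.net [203.0.113.5]
"""

QID = re.compile(r"\]: (\w+): (.*)$")                       # queue id + rest of line
RELAY = re.compile(r"relay=(?:\S+ )?\[(?:IPv6:)?([0-9a-fA-F.:]+)\]")
VIRUS = re.compile(r"Milter: .*reject=\S+ \S+ virus (\S+) detected")

def summarize(lines):
    """Return (rejects per relay IP, rejects per virus name) as Counters."""
    relay_of, hits = {}, []
    for line in lines:
        m = QID.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        r = RELAY.search(rest)
        if r:
            relay_of.setdefault(qid, r.group(1))
        v = VIRUS.search(rest)
        if v:
            hits.append((qid, v.group(1)))
    per_relay, per_virus = Counter(), Counter()
    for qid, virus in hits:  # join after the loop, so line order does not matter
        per_relay[relay_of.get(qid, "unknown")] += 1
        per_virus[virus] += 1
    return per_relay, per_virus

def access_candidates(per_relay, threshold=3):
    """Relay IPs with at least `threshold` rejects, for manual review."""
    return sorted(ip for ip, n in per_relay.items() if ip != "unknown" and n >= threshold)

if __name__ == "__main__":
    per_relay, per_virus = summarize(SAMPLE_LOG.splitlines())
    for ip, n in per_relay.most_common():
        print(f"{n:4d}  {ip}")
    print("review for access.db:", access_candidates(per_relay))
```

Because messages with forged senders are common here, the summary keys on the connecting relay address and ignores the envelope sender entirely.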
Re: Milter Logging
On Sat, Apr 17, 2004 at 02:00:59PM -0400, Chuck Swiger wrote:
> Warren Block wrote:
> >What do people do for milter logging? A MAILER-DAEMON message for every
> >virus caught by clamav-milter is a little annoying (both to the intended
> >recipient and to postmaster), but I'm hesitant to just discard them.

clamav-milter logs what it does to syslog very effectively. The warning messages to postmaster aren't really necessary but for a low traffic site, they do give you some vicarious pleasure for a while.

> Well, the standards (RFC-822/2822) are clear, but with the dawn of viruses
> that forge sender addresses, creating bounces for viruses doesn't really do
> anybody much good, either.
>
> Refusing to accept viral mail is the best option if you can; failing that,
> I discard such messages. Frankly, I gave up bouncing viral mail after I
> got tired of answering complaints when someone got a bounce from a
> forgery...

Yes -- rejecting the messages at the SMTP DATA stage is the way to go. Not that the virus mailers take the slightest bit of notice: half the time they've dropped the connection by the time the AV filter has done its thing. It's much more effective against spam e-mailers.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
Re: Milter Logging
Warren Block wrote:
> What do people do for milter logging? A MAILER-DAEMON message for every
> virus caught by clamav-milter is a little annoying (both to the intended
> recipient and to postmaster), but I'm hesitant to just discard them.

Well, the standards (RFC-822/2822) are clear, but with the dawn of viruses that forge sender addresses, creating bounces for viruses doesn't really do anybody much good, either.

Refusing to accept viral mail is the best option if you can; failing that, I discard such messages. Frankly, I gave up bouncing viral mail after I got tired of answering complaints when someone got a bounce from a forgery...

--
-Chuck