Questions about how MailScanner deals with mails to be quarantined

Julian Field mailscanner at ecs.soton.ac.uk
Tue Dec 2 16:36:47 GMT 2003 

At 16:09 02/12/2003, you wrote:
>Hi,
>
>As the annoying auto-append will reveal, we're currently using
>MAILSweeper, but we're evaluating MailScanner as a replacement.  We
>really like the functionality of MAILSweeper, but equally dislike the
>implementation.
>
>We're running MS 4.25-13 on SuSE 8.2 on our test machine, and we've been
>sending various test mails though it, to see how it dealt with them.
>
>Basically, our requirements would be to be able to quarantine mails
>because of being too large, virus-laden, with attachments of various
>types.
>
>Once a mail is quarantined, we would like to have the option to notify
>three groups of people, the sender, the recipient and the admin,
>depending on the reason the mail had been quarantined.
>
>Our testing of quarantining large mails threw up some confusion, as the
>mails from MS always said that the mails had been stopped as virii,
>which was not the case, however it seems to be that it says that
>irrespective of the actual reason in the mails to the admin, which could
>cause confusion.  It would be better if a different notification mail
>could be sent according to why the mail had been stopped (ie, "this mail
>is too large", "this mail had an executable file attached", "this mail
>has a script attached").

The individual "Report" lines in the mail to the sysadmin give the exact
reason the message was stopped.

The Subject: line is always the same (just makes it easier to filter on). I
didn't really intend human beings to read every admin notification. Most
sysadmins don't have the time to read stuff like this anyway.

>Also, we would prefer to be able to notify the recipient, rather than
>delivering a 'disinfected' version of the mail to them, something like
>"you have been sent a mail that exceeds size limitations by
>foo at bar.baz.  If this mail is for business purposes, please contact
>systems admin".

That's all down to what you put in the VirusWarning.txt file, which you
might well rename as well.

>Have I totally misunderstood the way MS deals with mails, and these
>options are possible? (I hope so)
>
>I can provide my MailScanner.conf if that will be helpful.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654

More information about the MailScanner mailing list