Questions about how MailScanner deals with mails to be quarantined

Julian Field mailscanner at
Tue Dec 2 16:56:41 GMT 2003

At 16:48 02/12/2003, you wrote:
> > The individual "Report" lines in the mail to the sysadmin give the exact
> > reason the message was stopped.
>That much is certainly true :)
> > The Subject: line is always the same (just makes it easier to filter on). I
> > didn't really intend human beings to read every admin notification. Most
> > sysadmins don't have the time to read stuff like this anyway.
>Well, we tend to skim the subject lines, unless something looks like we
>need to attend to it, only then do we actually read the mail, and then
>to verify which machine sent it (we have multiple sweepers for
>resiliency).  Obviously on MScanner, we'd include the machine name in
>our report mails :)
>Having the actual reason a mail was stopped in the Subject: line makes
>this a lot easier.

But there can be many reasons, often at least 3 (HTML exploit trying to
load a .pif which has a virus in it, for example). What then?

> > That's all down to what you put in the VirusWarning.txt file, which you
> > might well rename as well.
>I realise that, but it still delivers the rest of the mail, doesn't it?
>Also, there the option to only notify/deliver disinfected to the
>recipient on certain reasons for quarantining would be helpful (eg, we
>notify recipients of large mails, but not executables or videos).

But then what do you do with large executables? You have conflicting
requests, which is kinda hard to code.

Julian Field
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654

More information about the MailScanner mailing list