Questions about how MailScanner deals with mails to be quarantined

Julian Field mailscanner at ecs.soton.ac.uk
Tue Dec 2 16:56:41 GMT 2003


At 16:48 02/12/2003, you wrote:
> > The individual "Report" lines in the mail to the sysadmin give the exact
> > reason the message was stopped.
>
>That much is certainly true :)
>
> > The Subject: line is always the same (just makes it easier to filter on). I
> > didn't really intend human beings to read every admin notification. Most
> > sysadmins don't have the time to read stuff like this anyway.
>
>Well, we tend to skim the subject lines, unless something looks like we
>need to attend to it, only then do we actually read the mail, and then
>to verify which machine sent it (we have multiple sweepers for
>resiliency).  Obviously on MScanner, we'd include the machine name in
>our report mails :)
>
>Having the actual reason a mail was stopped in the Subject: line makes
>this a lot easier.

But there can be many reasons, often at least 3 (HTML exploit trying to
load a .pif which has a virus in it, for example). What then?


> > That's all down to what you put in the VirusWarning.txt file, which you
> > might well rename as well.
>
>I realise that, but it still delivers the rest of the mail, doesn't it?
>Also, there the option to only notify/deliver disinfected to the
>recipient on certain reasons for quarantining would be helpful (eg, we
>notify recipients of large mails, but not executables or videos).

But then what do you do with large executables? You have conflicting
requests, which is kinda hard to code.

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654


