[URGENT] How to intercept a copy of virus-infected message?

[Rob Poe]

If they fail the filename rule and you have MailScanner set to
quarantine the whole message, would they not then be in the
/path/to/MailScanner/quarantine directory ?



>>> pmb1 at YORK.AC.UK 4/30/2004 4:23:33 AM >>>
Greetings -

I believe our site is being copies of a virus (probably Bagle-X or a
variant) that Sophos Anti-Virus is not identifying.  At present the
messages are only being blocked because we have MailScanner configured
not
to allow attachments with filename suffixes such as ".hta" etc.

Sophos (the company!) have asked me to grab a couple of these messages
and
send them in for analysis.

Plese could someone quickly explain how to configure MailScanner
(4.29.3)
to intercept such a message: ideally forwarding it to a specific
e-mail
address or, second choice, to quarantine its Sendmail queue files?

Ideally I guess I'd just like to intercept messages which are being
blocked
because they are failing the filename based checks; I'm not
particularly
interested in getting the ones infected with known viruses because,
well,
Sophos Anti-Virus already knows them!  :-}

With many thanks,

Mike B-)

--
The Computing Service, University of York, Heslington, York Yo10 5DD,
UK
Tel:+44-1904-433811  FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address.
*

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html