Don't send virus alerts, but DO send bad file name/type etc.

James Gray james_gray at ocs.com
Tue Nov 30 22:16:06 GMT 2004



Hi All,

Our site is being hammered with Sober.j and Netsky.p (mostly) to the tune of
several hundred an hour at times.  Understandably, users are getting a little
peeved at the amount of "[** VIRUS **]" alerts they're getting.  I've hinted to
the powers that be, there may be a way to dump virus alerts, but still send
notices to users about bad filenames and bad filetypes.  Spam will be handled
by attaching the original (action=attachment deliver).

So the actions would be:
Virus = delete, don't send notice to user, notify admin.
Bad Filename = quarantine, notify user, notify admin.
Bad Filetype = quarantine, notify user, notify admin.
Spam = deliver as attachment (actually these are handled by a bunch of
rulesets to enable per-user hi/lo spam thresholds and spam actions, but the
default is "deliver attachment")

So does anyone know the magic combination of options in mailscanner.conf to
achieve what I'm trying to do??  I've RTFMAQ, and FAQ and the archives, and
the conf file, but haven't found anything that's _exactly_ what I'm after.  Feel
free to beat me with a clue bat if I've missed something.

Thanks in advance.  BTW - thanks to Julian for saving our Windows users from
themselves :P  Have to admit how smug I felt during that in-between period of
virus outbreak and signature update, where MailScanner dutifully quarantined
all the nasty attachments even though NAI-VirusScan didn't detect them :)

Cheers,

James
--
I.T. Manager - Asia Region
Open Channel Solutions
Sydney, Australia
Web:    http://www.ocs.com
