quarantine password-protected files

James D. Parra Jamesp at MusicReports.com
Wed Aug 9 22:19:21 IST 2006


> I want to quarantine password-protected file attachments, actually, any file
> attachments that MailScanner determines as suspicious. After looking through
> mailscanner.conf I found;
> 
> <snip>
> # Reports and Responses
> # ---------------------
> #
> 
> # Do you want to store copies of the infected attachments and messages?
> # This can also be the filename of a ruleset.
> Quarantine Infections = yes
> <snip>
> 
> However, an attachment was deleted and not stored in
> /var/spool/MailScanner/quarantine/, according to the text message;
> 
> This is a message from MailScanner E-Mail Virus Protection Service
> ----------------------------------------------------------------------
> The original e-mail message contained potentially dangerous content,
> which has been removed for your safety.
> 
> The content is dangerous as it is often used to spread viruses or to gain
> personal or confidential information from you, such as passwords or credit
> card numbers.
> 
> Due to limitations placed on us by the Regulation of Investigatory Powers
> Act 2000, we were unable to keep a copy of the original attachment.
> 
> The content filters found this:
>    MailScanner: Message contained password-protected archive
> ~~~
> 
> Where in the conf can I fix this?

>I have been just storing all messages for a short period of time. Then you can
>release anything you need to, and you can set up the system to kill after a
>set number of days. Mailwatch makes this even easier.

I don't mind just storing/quarantining the attachments for retrieval later.
Right now it is deleting the attachments and I don't want that. Where in the
MailScanner.conf can I fix this?
~~~

I found this on the web (it's from an older mailscanner.conf file) attempting
to figure out how to stop mail scanner from deleting attachments;

# Set what to do with infected attachments or messages.
# keep   ==> Store under the "Quarantine Dir"
# delete ==> Just delete them
#Action = delete
Action = keep

I don't see such an option in the mailscanner.conf I have. If I were to
insert this into the conf, would it work?

Many thanks in advance,

~James

