quarantine attachments & Dangerous content

[Rick Chadderdon]

James D. Parra wrote:
>> In my past installs of mailscanner, attachments considered 'suspect' for
>>     
> any
>   
>> various reason were put into quarantine for later retrieval. In the most
>> recent install I made, these items are instead being deleted from the
>>     
> e-mail
>   
>> message with a note in the e-mail stating that attachment was removed. For
>> example;
>>
>> The content filters found this:
>>    MailScanner: Message contained password-protected archive
>>
>> Where in the MailScanner.conf can I specify to have suspect attachments
>> stored or quarantined and *not* deleted. If it is not in the
>> mailscanner.conf file is the setting in another config file? 
>>     
>
> Hello Rick,
>
> Thank you for your response. I made the following changes. I'll post the
> results when the suspect mail is resent.
>
>   
>> Quarantine Infections = yes
>>     
>
> Already set.
>
>   
>> Quarantine Silent Viruses = no
>>     
>
> Also preset.
>
>   
>> Silent Viruses = HTML-IFrame All-Viruses
>>     
>
> Changed this by removing All-Viruses & Zip-Password, but left all the HTML
> info.
>
> Thank you,
>
> ~James

If I understand what you're trying to do, a better combination would be:

Quarantine Infections = yes
Quarantine Silent Viruses =yes
Silent Viruses = HTML-IFrame All-Viruses

My first post was just a cut/paste out of my own MailScanner.conf.  I 
don't want password-protected zips quarantined.  If you do, the above 
should do it for you.  The changes you made will cause MailScanner to 
generate a lot of bogus virus warnings, and that's not something you 
want to do.  At least it's not something I want you to do - not while 
following my advice.  :)

Don't forget that you can also use "Allow Password-Protected Archives = 
yes" if you just want to pass the things through.  That has its own set 
of risks, though.  Read through the comments for these options in the 
MailScanner.conf file - they're quite good, I think.

Rick