quarantine password-protected files

Julian Field mailscanner at ecs.soton.ac.uk
Thu Aug 10 21:02:33 IST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



James D. Parra wrote:
>> I want to quarantine password-protected file attachments, actually, any
> file
>> attachments that MailScanner determines as suspicious. After looking
> through
>> mailscanner.conf I found;
>>
>> <snip>
>> # Reports and Responses
>> # ---------------------
>> #
>>
>> # Do you want to store copies of the infected attachments and messages?
>> # This can also be the filename of a ruleset.
>> Quarantine Infections = yes
>> <snip>
>>
>> However, an attachment was deleted and not stored in
>> /var/spool/MailScanner/quaratine/, according the text message;
>>
>> This is a message from MailScanner E-Mail Virus Protection Service
>> ----------------------------------------------------------------------
>> The original e-mail message contained potentially dangerous content,
>> which has been removed for your safety.
>>
>> The content is dangerous as it is often used to spread viruses or to gain
>> personal or confidential information from you, such as passwords or credit
>> card numbers.
>>
>> Due to limitations placed on us by the Regulation of Investigatory Powers
>> Act 2000, we were unable to keep a copy of the original attachment.
>>
>> The content filters found this:
>>    MailScanner: Message contained password-protected archive
>> ~~~
>>
>> Where in the conf can I fix this?
> 
>> I have been just storing all messages for a short period of time. Then you
> can
>> release anything you need to, and you can set up the system to kill after a
>> set number of days. Mailwatch makes this even easier.
> 
> I don't mind just storing/quarantine the attachments for retrieval later.
> Right now it is deleting the attachments and I don't want that. Where in the
> MailScanner.conf can I fix this? 
> ~~~
> 
> I found this on the web (its from an older mailscanner.conf file) attempting
> to figure out how to stop mail scanner from deleting attachments;

Not from one that ever worked.

> 
> # Set what to do with infected attachments or messages.
> # keep   ==> Store under the "Quarantine Dir"
> # delete ==> Just delete them
> #Action = delete
> Action = keep

The configuration setting "Action" does not and has never existed.
Furthermore a "Spam Actions" keyword "keep" does not and has never existed.

Try
Spam Actions = store

> 
> I don't see such an option in the mailscanner.conf I have. If I were to
> insert this in to the conf, would it work?
> 
> Many thanks in advance,
> 
> ~James

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at MailScanner.biz

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Get your PCs and servers from Transtec.de, very well built and reliable!

-----BEGIN PGP SIGNATURE-----
Version: PGP SDK 3.7.0
Charset: ISO-8859-1

wj8DBQFE25DbEfZZRxQVtlQRAqx3AJ9dFV0YCnDXlBGV/1Des27WINbcAACgyQZW
Jpi/Bbne7GNVDcKos/r7Ttc=
=UJWt
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



More information about the MailScanner mailing list