user override of scanning?

Julian Field MailScanner at ecs.soton.ac.uk
Tue May 23 19:33:06 IST 2006


If you always have some sort of admin person in place, then we have an 
admin-authorised quarantine release system. This is mostly intended for 
in-bound mail though might work for outbound mail as well.
Contact apl at ecs.soton.ac.uk for more information on that, he's 
developing it, not me.

Other than that a Custom Function that checked the Subject: line and 
used it to control the Virus Checks = configuration option would be very 
easy to write. Send me your spec for a price quote.

Logan Shaw wrote:
> Hi everyone,
>
> I'm having a bit of a problem with figuring out the best
> way to deal with quarantined messages.
>
> I run a mail server for a company that, it just so happens,
> really does need to send and receive executables in the mail
> pretty regularly.  We are often sending Windows-based software
> back and forth with customers.  This means many of the file
> types that MailScanner looks for are things that we sometimes
> need to send or receive.  For example, .exe files, VB scripts,
> and .cab files.
>
> Presently, the way I've been dealing with this is to
> comment out the rule that catches a particular file type in
> filename.rules.conf whenever a user tells me it blocked a
> legitimate attachment of theirs, then have them re-send it.
> This works OK, but (a) it means they can't send until they
> can contact me (what if I'm on vacation?), and (b) I feel
> like eventually I'm going to converge on having commented out
> virtually every "deny" rule in filename.rules.conf.
>
> Some possible solutions that I've thought of:
>
> (1)  Set up a rule not to scan any message that originates
>      locally.  I've already done this, and it works, but it
>      eliminates the protection we'd have if a PC here did
>      get a virus.  With this exception in place, an infected
>      PC here has nothing blocking it from propagating through
>      our server.  And I think that means it can spread from
>      one PC to another within our organization.  Plus this
>      doesn't address the problem of allowing outsiders to
>      send legitimate attachments in.
>
> (2)  Create some kind of user override for scanning so that
>      if a user gets a failure message back, they can use a
>      secret handshake when they send it again which will tell
>      MailScanner to let it through.  Maybe a magic word in
>      the body or subject of the mail, or a special header.
>
> (3)  Set up MailScanner so that password-protected zip files
>      are left alone.  Then the users can override filtering
>      by putting things in a password-protected zip file.
>      This is a bit tedious for the users, though maybe not
>      too bad.  Plus IIRC some viruses spread data around
>      by using just such a loophole.
>
> (4)  A web interface to allow users to pull things out of
>      quarantine.  This requires an HTTP server on the mail
>      server, which is a negative.  Plus, unless I allow HTTP
>      traffic from the outside world, it doesn't solve the end of
>      the problem where a customer wants to send something TO us.
>
> So, are there any bright ideas I'm missing?  Or maybe standard
> practices in this area?
>
>   - Logan

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
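
Added example, not part of the original thread and not MailScanner code: the Subject:-based override from option (2) and the Custom Function idea above, modelled as stand-alone Python decision logic (a real Custom Function would live in MailScanner's own Perl). It goes beyond a fixed magic word by using a token bound to one sender and one issue date, so a leaked or guessed word cannot be reused by anyone else or indefinitely. The tag format, key, validity window and function names are all assumptions made for this example.

```python
import hashlib
import hmac
import re
from datetime import date, timedelta

# Constructed demo key; a real deployment would load a random secret
# from a file readable only by the mail system.
KEY = b"constructed-demo-key"
TAG = re.compile(r"\[override:([0-9a-f]{16})\]")  # hypothetical Subject: tag
VALID_DAYS = 2  # token is accepted on its issue day and the day after


def issue_token(sender: str, day: date, key: bytes = KEY) -> str:
    """Admin side: token bound to one sender address and one issue date."""
    msg = f"{sender.strip().lower()}|{day.isoformat()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def virus_checks_enabled(subject: str, sender: str, today: date,
                         key: bytes = KEY) -> bool:
    """Return False (skip checks) only for a valid, unexpired token.

    The sender address is forgeable, so the token is the only secret;
    binding it to the sender just limits where a leaked token works.
    """
    m = TAG.search(subject or "")
    if not m:
        return True  # no tag present: scan as usual
    for age in range(VALID_DAYS):
        expected = issue_token(sender, today - timedelta(days=age), key)
        if hmac.compare_digest(m.group(1), expected):
            return False  # valid override for this sender and date
    return True  # forged, expired or issued to someone else: keep scanning


if __name__ == "__main__":
    day = date(2006, 5, 23)  # constructed sample values
    tok = issue_token("logan@example.com", day)
    subj = f"Installer build [override:{tok}]"
    for who, when in [("logan@example.com", day),
                      ("other@example.com", day),
                      ("logan@example.com", day + timedelta(days=2))]:
        print(who, when, "scan" if virus_checks_enabled(subj, who, when) else "skip")
```
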

