Discard virus infected messages

Martin Strand do.not.eat.yellow.snow at gmail.com
Fri Sep 28 16:32:17 IST 2007 

On Fri, 28 Sep 2007 17:17:30 +0200, Denis Beauchemin  
<Denis.Beauchemin at usherbrooke.ca> wrote:

> Martin Strand a écrit :
>> I want to discard virus infected messages but am not sure how to do  
>> that. I tried "Deliver Disinfected Files = no" but MS still disinfects  
>> and delivers with that inline report. What I'm after is something like  
>> "Virus Actions = delete". Help?
>>
>> Thanks,
>> Martin
> Martin,
>
> I think you are looking for:
> # Still deliver (after cleaning) messages that contained viruses listed
> # in the above option ("Silent Viruses") to the recipient?
> # Setting this to "yes" is good when you are testing everything, and
> # because it shows management that MailScanner is protecting them,
> # but it is bad because they have to filter/delete all the incoming virus
> # warnings.
> #
> # Note: Once you have deployed this into "production" use, you should set
> # Note: this option to "no" so you don't bombard thousands of people with
> # Note: useless messages they don't want!
> #
> # This can also be the filename of a ruleset.
> Still Deliver Silent Viruses = %rules-dir%/virus.to.quarantine.rules
>
> [bead2306 at smtpe3 st_localbin]$ cat  
> /etc/MailScanner/rules/virus.to.quarantine.rules
> Virus:  BackDoor- no
> Virus:  Email.Hdr   no
> Virus:  Email.Loan  no
> Virus:  Email.Malware   no
> Virus:  Email.Phishing  no
> Virus:  Email.ScamL     no
> Virus:  Email.Spam      no
> Virus:  Email.Webaccount    no
> Virus:  Email.FreeGame      no
> Virus:  Exploit.HTML.IFrame no
> Virus:  fragmented          no
> Virus:  Generic.Peed        no
> Virus:  HTML.Malware        no
> Virus:  HTML.Phishing       no
> Virus:  Html.ScamL          no
> Virus:  MSRBL-Images        no
> Virus:  MSRBL-SPAM          no
> Virus:  Phish-BankFraud     no
> Virus:  Sanesecurity        no
> Virus:  Trojan   no
> Virus:  W32/     no
> Virus:  Win32    no
> Virus:  Worm     no
> Virus:  default yes
>
> Denis
>

Thanks Denis, I already had "Still Deliver Silent Viruses = no" but now  
that I looked in MailScanner.conf again I found this:

Deliver Cleaned Messages = yes

which I set to "no" and now it works fine. I can't believe I missed that  
the first time. :=)

Martin

More information about the MailScanner mailing list