Virus and messages not cleaned with "Still Deliver Silent Viruses = yes"

Xavier Montagutelli xavier.montagutelli at unilim.fr
Sun Mar 14 19:25:17 GMT 2010 

Hello Kai,

Le 14/03/2010 18:31, Kai Schaetzl a écrit :
> Xavier Montagutelli wrote on Sun, 14 Mar 2010 14:09:54 +0100:
>
>   
>> Can someone confrm that it should work ?
>>     
> I remember someone having the same problem as you some weeks ago.
> There is no point in delivering a virus-infected message. A message that 
> contains a virus is always a fake *in total*. It is not a legit message 
> that has a virus file attached.
>
> >From Still Deliver Silent Viruses comment:
> # Still deliver (after cleaning) messages that contained viruses listed
> # in the above option ("Silent Viruses") to the recipient?
> # Setting this to "yes" is good when you are testing everything, and
> # because it shows management that MailScanner is protecting them,
> # but it is bad because they have to filter/delete all the incoming virus
> # warnings.
> #
> # Note: Once you have deployed this into "production" use, you should set
> # Note: this option to "no" so you don't bombard thousands of people with
> # Note: useless messages they don't want!
>
>   
>> But the attachments is not 
>> replaced any more !
>>     
> Yes, I agree, according to the comment for this option the file should get 
> replaced by a warning. I think it stopped working like this when the 
> virusscan was moved before the spamscan and I think there is a reason, 
> too. 

Thank you for this information. And sorry if I missed the thread on the ML.

> As I said, doing so doesn't make sense.
>   

This policy is not decided only from a technical point of view. We don't
want to block e-mails for our users without letting them know, or at
least the sender, that's part of our internal rules.

Nonetheless, only speaking with a technical view, antiviruses can also
produce false positives. And viruses do not spread heavily through
e-mails nowadays (spams are more problematics). That's why putting the
e-mail in quarantine (which is equivalent to "dropping" the mail) is not
what we want to do here. A better approach could be to switch the AV
from MailScanner to a milter (we use sendmail), to scan for viruses
during the SMTP session. But I don't want to make such a big change in
our infrastructure so quickly.

Can someone confirm that this setting doesn't work anymore ?

--
Xavier

More information about the MailScanner mailing list