Marking email as virus using header?

Kevin Miller kevin.miller at juneau.org
Sat Jun 27 16:43:26 UTC 2015


If you can set the custom header on the firewall, you could write a simple spamassassin rule which triggers on that header, and set the “Spam Actions” to a ruleset. If it’s normal spam, do whatever you normally do with spam.  If it has the header you’ve set, you could maybe call the custom(parameter) option in Spam Actions and have it do what you want.  I haven’t ever used the custom option so I don’t know what all would be involved, but see the notes in the Spam Actions section in MailScanner.conf and /usr/lib/MailScanner/MailScannerCustomFunctions/CustomAction.pm.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357

From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Simon
Sent: Friday, June 26, 2015 7:48 PM
To: mailscanner at lists.mailscanner.info
Subject: Marking email as virus using header?

Hi there,

We front our mailscanner servers with fortigate firewalls, and use the AV at the firewall rather than mailscanner (av is turned off on mailscanner). Mailscanner is the latest version, running on Centos 6.6.

What I have been wondering about is if we could pass the email to mailscanner with a custom header (set at the firewall) and have mailscanner mark it as spam.

This would only be for logging purposes, and so that clients can 'see' the av in action and also potentionally let their contacts know if they have been compromised.

Is this possible somehow?

Many thanks,

Simon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20150627/6e54f07d/attachment.html>


More information about the MailScanner mailing list