[Mimedefang] Re: Mimedefang 2.7 + FileScan -> False alarms
tatooin
tatooin at kelkoo.com
Mon Apr 15 12:00:06 EDT 2002
Finally, I found out a workaround.
In message_contains_virus_filescan(), I've replaced
###
if ($virus || $scanner->suspicious) {
# Found a virus or suspicious file, so
# status of remaining files is moot
closedir(DIRHANDLE);
return (wantarray ? (1, 'virus', 'quarantine') : 1);
}
###
by:
###
if ($virus) {
# Found a virus, so
# status of remaining files is moot
closedir(DIRHANDLE);
return (wantarray ? (1, 'virus', 'quarantine') : 1);
} elsif if ($scanner->suspicious) {
# Found a suspicious file, so
# status of remaining files is moot
closedir(DIRHANDLE);
return (wantarray ? (0, 'suspicious', 'ok') : 0);
}
###
So that In mimedefang-filter, I can do something like:
###
if ($category eq "virus") {
action_quarantine_entire_message();
action_bounce("A Virus was found in your message. Email
rejected.");
action_notify_sender("$KnownVirusFound");
} elsif ($category eq "suspicious") {
action_notify_sender("Email accepted, but was suspicious."); }
###
Does this looks like Ok ? Or am I just breaking everything ?
Also, in there any way in mimedefang-filter, to retrieve the content of
$VirusScannerMessages, so that we can inform the sender of the name of
the virus we found in his mail ?
Thanks !
Regards,
Vincent Jaussaud.
On Mon, 2002-04-15 at 16:30, tatooin wrote:
> Hi,
>
> I've just upgraded to MIMEDefang 2.7, with File Scan support.
>
> I noticed one problem. If an attachement is tagged as "suspicious" by
> File::Scan, then the mail will be rejected. However, it seems that a lot
> of these attachements are completly clean (at least, that's what NAV
> with latest signatures says)
>
> Is there any simple way in Mimedefang to let emails tagged as
> "suspicious" to pass through ? (a simple warning should be enough)
>
> I noticed that such wrong alarms often occurs on M$ documents.
>
> Thanks in advance.
>
> Regards,
>
> --
> #######################################################################
> Vincent Jaussaud - Security Manager / Networks & Systems Administration
> Phone: +33 (0)4 76 29 71 63
> GSM: +33 (0)6 80 64 09 62
> AIM Nick: portsentry
> Email: Vincent.Jaussaud at kelkoo.com
> #######################################################################
>
--
#######################################################################
Kelkoo.com: Security Manager / Networks & Systems Administration
Phone: +33 (0)4 76 29 71 63
GSM: +33 (0)6 80 64 09 62
AIM Nick: portsentry / Email: Vincent.Jaussaud at kelkoo.com
#######################################################################
###
More information about the MIMEDefang
mailing list