[Mimedefang] Virus Handling

Rick Mallett rmallett at ccs.carleton.ca
Wed Nov 27 14:02:01 EST 2002


Russ GilmanHunt writes:
> 
> You know, in general I'd say ... with Klez or another of the reply-to
> mutilating virii, I'd silently drop it, but with a normal virus, I'd
> return it. If I was a more confident perl guru I'd write up a regex and
> post it to the list.
> 
> Russ

Good idea. I might do that since my logs show that the Klez virus
outnumbers the rest by at least 100 to 1. Here is a sample line of perl
which could be placed immediately before the action_bounce statement in
routine filter:

  return action_discard() if $VirusName =~ /klez/i;

or

  return action_discard() if $VirusName =~ /klez|bugbear/i;

if you wanted to discard more than one. 

> 
> On Wed, 2002-11-27 at 08:56, Rick Mallett wrote:
> > Sorry, to ask this question again, but my previous message was
> > kind of wordy so I thought I'd try again and keep it simple.
> > 
> > I'm looking for advice on handling messages that contain a virus,
> > specifically whether to use action_discard or action_bounce in
> > mimedefang-filter. The documentation sez 
> > 
> >   "action_bounce is not appropriate for use with viruses,"
> > 
> > yet the sample filter uses action_bounce in the virus detection
> > portion of routine "filter" as in
> > 
> >   action_bounce("Virus $VirusName found in mail - rejected");
> > 
> > and I figured there might be good reason for this and I'm reluctant
> > to change it to action_discard in case something gets broken. Any
> > advice greatly appreciated. 
> > 
> > - rick --
> > 
> > _______________________________________________
> > MIMEDefang mailing list
> > MIMEDefang at lists.roaringpenguin.com
> > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

- rick --
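
The one-line regex test suggested above, generalized to a list of names, as an added example that is not part of the original post or of MIMEDefang itself. It runs stand-alone and calls no MIMEDefang functions; `@DISCARD_FAMILIES` and `virus_disposition` are hypothetical names, and the sample virus names are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical list of virus families to drop silently instead of bouncing.
# The two entries are the ones named in the post.
my @DISCARD_FAMILIES = qw(klez bugbear);

# Build one case-insensitive alternation from the list. quotemeta keeps a
# family name that contains regex metacharacters from altering the pattern.
my $discard_re = do {
    my $alt = join '|', map { quotemeta($_) } @DISCARD_FAMILIES;
    qr/(?:$alt)/i;
};

# Hypothetical helper: returns 'discard' or 'bounce' for a scanner-reported
# virus name. An undefined or empty name falls through to 'bounce', which is
# what the sample filter quoted in the thread does for every virus.
sub virus_disposition {
    my ($virus_name) = @_;
    return 'bounce' unless defined $virus_name && length $virus_name;
    return $virus_name =~ $discard_re ? 'discard' : 'bounce';
}

# Constructed sample names, in the differing styles scanners report them.
for my $name ('W32/Klez.h@MM', 'WORM_BUGBEAR.A', 'W32.Nimda.A@mm', '') {
    my $label = $name eq '' ? '(empty)' : $name;
    printf "%-16s -> %s\n", $label, virus_disposition($name);
}
```

In a real filter the returned value would select between the `action_discard` and `action_bounce` calls shown in the thread.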



