[Mimedefang] Notify question

Tony Nugent tony at linuxworks.com.au
Mon Jan 27 22:34:01 EST 2003


On Mon Jan 27 2003 at 16:02, Rick Knight wrote:

> they seem to be working very well. One question, when a virus is found,
> I want to be notified and I also want the sender to be notified.

Generating an administrative email is ok, but I would highly
recommend *NOT* generating a reply to the sender.  Nor bouncing
them.

Many viruses forge sender addresses (Bugbear being a classic case);
all you will be doing is generating otherwise unnecessary traffic
and confusing (and perhaps alarming) often otherwise innocent
people.

I also don't recommend simply removing/replacing the infected part
and passing on the rest of the altered message to the recipient.
They (usually) don't care that they have been sent a virus, and
often the rest of the message payload is "sensitive" material
randomly taken from the victim's system (i.e., not intended to be sent
anywhere in the first place).

IMHO, in most cases the "best thing" to do is to simply discard the
infected messages altogether (after admin notification and perhaps
quarantine).

> no notification either as the sender or as the mimedefang admin. Also, I
> set the filter to quarantine infected files, but I get no notification
> of the quarantine. If I look at /var/log/maillog, I can see that things
> are being placed in quarantine. Have I missed another setting?

You can specifically call action_notify_administrator($msg) in your
filter, although action_quarantine($entity,$msg) is supposed to do
that anyway.  Same for action_quarantine_entire_message($msg) if
$msg is not null.

Also, with sendmail 8.12.x make sure you have a client-queue runner
happening; these messages are posted in deferred mode so you won't
see them until the next mail queue run.

See man mimedefang-filter for all the details.

> Thanks,
> Rick Knight
> (rick at rlknight.com)

Cheers
Tony
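
Added example, not part of the original post and not the project's shipped filter: a `filter_begin` for a mimedefang-filter file that follows the policy described above (quarantine, notify the administrator, discard, and send nothing to the sender). The message texts are constructed; the functions and globals are those documented in man mimedefang-filter.

```perl
# Constructed example for a mimedefang-filter file: quarantine, tell the
# administrator, then discard. Nothing is ever sent to the envelope sender.
sub filter_begin {
    my($entity) = @_;

    # Run whichever virus scanners this MIMEDefang install was built with.
    my($code, $category, $action) = message_contains_virus();
    return unless $category eq "virus";

    # Keep a copy of the whole message for later inspection. A non-empty
    # $msg is included in the administrator notification.
    my $msg = "Virus $VirusName found; message quarantined and discarded.";
    action_quarantine_entire_message($msg);

    # Explicit notification as well. The envelope sender is reported to
    # the administrator only; it is often forged, so the relay address
    # is the more reliable pointer to the infected machine.
    action_notify_administrator(
        "Envelope sender (may be forged): $Sender\n" .
        "Relay: $RelayAddr\n");

    md_syslog('warning',
              "Discarding message from relay $RelayAddr: virus $VirusName");

    # Deliberately no action_notify_sender() and no action_bounce():
    # with a forged sender, the reply would go to an uninvolved party.
    return action_discard();
}
```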


