[Mimedefang] virus scanning and notifications
cc
cc at belfordhk.com
Sun Nov 2 23:21:49 EST 2003
Hi,
I have quite a stable (knock on wood) Mimefang setup with
some minor issues in tweaking.
I've noticed while tweaking the settings that the
$VirusName is different depending on where you put
it.
During my initial foray into MIMEDefang, I noticed
that in filter_begin(), $VirusName = suspicious,
whereas in filter() it is the Virus name. Perhaps
this is meant to be that way.
Just for clarification, if an incoming mail is infected
with SWEN, the badfilename filter action is done then
the virus scanner checks it out (or does it?). Recently
in 2.38, I noticed that the SWEN-infected mail aren't
being processed. Before, when a virus is detected in
an email, MIMEDefang 'drops' the file but posts a notification
of the action to the user as well as adding a tidbit
at the end telling the user what virus was detected. I
also had MIMEDefang add as a suffix { Virus $VirusName removed }
added to the subject.
Now this doesn't seem to work consistently. Sometimes
it gets detected, other times not. I don't quite
understand what's going on. Also, is it better to
quarantine the infected mail or to just delete it outright?
I'm using MIMEDefang 2.38, clamAV as my scanner on a Linux 2.4.xx
machine.
Would anyone know what possible reasons there are for such
discrepencies?
Thanks.
More information about the MIMEDefang
mailing list