[Mimedefang] Virus Notifications for Recipients

Matthew.van.Eerde at hbinc.com
Thu Dec 23 20:03:58 EST 2004


Kevin A. McGrail wrote:
> Hello All,
> 
> I'd like to send an email with virus notification for recipients
> internally (NOT for Senders) as we have had a few instances where
> something important was stripped.
> ...
> My hope is that this will essentially just send a simple note to a
> user that they would have received a virus but now they are just
> receiving this little email.  Can anyone confirm or recommend a
> better solution? 

What we do is:

Run clamav - if a virus is found, reject delivery.  Real viruses don't generate undeliverable reports to the sender.  Legitimate mail senders usually do.

Do an extension analysis - if the file still looks dangerous (but isn't a recognized virus), we quarantine the attachment and replace it with a warning#.txt containing a customized message.  Most of the time the thing really was dangerous and that's the last we hear of it.  The 1% of the time that the thing was really good, the user reads the customized message.  The message says how to get the thing out of quarantine - namely, forward the message to the helpdesk.  The message also includes a command line that the helpdesk can copy/paste into a command prompt.  This scp's the attachment out of quarantine.

The helpdesk can then eyeball the attachment to make sure the user isn't off base, as has happened.  (Yes, I've had people request that viral things be pulled out of quarantine... *sigh*)  If it looks good, the helpdesk replies to the original user and attaches the now unquarantined attachment.

Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
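
The two-stage policy described in this message, sketched as a mimedefang-filter fragment. This is an added example, not the poster's filter: the host name, helpdesk address and extension list are assumptions, and the scp line copies the whole per-message quarantine directory.

```perl
# Added example (not the poster's filter). Fragment of a mimedefang-filter.
# ASSUMPTIONS: host name, helpdesk address and extension list are hypothetical.
my $QuarantineHost = 'mail.example.com';
my $Helpdesk       = 'helpdesk@example.com';
my $RiskyExt       = qr/\.(?:bat|cmd|com|exe|pif|scr|vbs)\.?$/i;

sub filter_begin {
    my ($entity) = @_;

    # Stage 1: scan with ClamAV and refuse the message during the SMTP
    # transaction, so any bounce is produced by the sending MTA.
    my ($code, $category, $action) = message_contains_virus_clamd();
    if ($category eq 'virus') {
        return action_bounce("Message rejected: virus $VirusName detected");
    }
    if ($action eq 'tempfail') {
        # Scanner unavailable: defer rather than deliver unscanned mail.
        return action_tempfail('Virus scanner unavailable, try again later');
    }
}

sub filter {
    my ($entity, $fname, $ext, $type) = @_;
    return if message_rejected();

    # Stage 2: extension analysis on parts that passed the virus scan.
    if (re_match($entity, $RiskyExt)) {
        my $qdir = get_quarantine_dir();   # per-message quarantine directory
        my $warning =
            "An attachment named $fname was removed and quarantined because\n"
          . "its file type is commonly used to carry malicious code.\n\n"
          . "If you were expecting this file, forward this message to\n"
          . "$Helpdesk. Helpdesk can retrieve the quarantined files with:\n\n"
          . "  scp -r ${QuarantineHost}:$qdir .\n";
        # Saves the part in the quarantine directory, removes it from the
        # message and adds $warning for the recipient.
        return action_quarantine($entity, $warning);
    }
    return action_accept();
}

1;
```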



