[Mimedefang] bad extensions
Matthew Thomas
mthomas at biocontrolsys.com
Thu Jan 8 15:30:33 EST 2004
> -----Original Message-----
> Behalf Of Douglas, Jason
> I'm wondering about the best way to handle "bad" attachments.
>
> So that means it quarantines the message in
> /var/spool/MD-Quarantine/, and that neither the sender nor
> the recipient receive any notification of the email at all,
> is that correct?
>
> How do other people handle "bad" file attachments? Or do you
> just ignore them and let virus scanners determine which are
> really bad?
MIMEDefang quarantines only the attachment and replaces it with message
saying that the attachment was removed because it was a security hazard. So
the sender gets the mail, but not the attachment.
I deal with bad attachments in a few ways.
1) Some I strip out at firewall/smtp proxy and let the modified message
through. Most of the mails caught here are spam-type emails with bad MIME
types. I can then use my firewall message to filter in MIMEdefang or
spamassassin.
2) More I strip out in MIMEDefang and let the modified message through.
3) Two or three types I have MIMEDefang drop the message completely.
4) I also have virus scanners running on every machine to catch anything
that might get through my filters.
Regards,
Matt Thomas
More information about the MIMEDefang
mailing list