[Mimedefang] quarantine_entire_message: I don't get it

Paul Boven p.boven at chello.nl
Mon Sep 20 13:28:41 EDT 2004


Hi everyone,

David F. Skoll wrote:

>>So once I do a quarantine_entire_message I should then do
>>a discard() to get rid of the virus. But how would I send the intended
>>recipient a message that there's something in the quarantine in case
>>he/she is interested?

> Well, we make that difficult intentionally, because in today's environment,
> I don't think it makes sense to bombard innocent recipients with messages
> saying "You got a virus!  But we stopped it!!  If you need it, call us!!!"

The way I see it, there are these possible actions upon detecting a virus:

1.) action_discard: *poof*, the virus vanishes without a trace.

2.) action_notify_sender, which I really wouldn't use unless I am sure 
that the virus in question doesn't forge the From: header

3.) Notify recipient, who can determine if there's any chance the mail 
was legit and request it either from the administrator or sender.

We would like to implement 3) and to me it doesn't seem that 
unreasonable compared to the alternatives. Responsibility rests with the 
recipient, not the administrator, and the recipient can decide to filter 
the notifications either completely or into a separate mailfolder, just 
like they do with the spam we tag for them.

> You could construct a new warning message using the MIME::Tools functions,
> and call replace_entire_message() inside filter_end to replace the entire
> message with your warning message.

*nod* I will have to look into that, then. I can see why you would call 
that 'intentionally difficult' yes ;-)

Regards, Paul Boven.
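
Added example, not part of the original post or of the MIMEDefang distribution: a mimedefang-filter fragment implementing option 3 the way David suggests, keeping a quarantined copy and replacing the delivered message with a plain-text notice built with MIME::Entity. It assumes mimedefang.pl supplies message_contains_virus(), $VirusName, $Subject and $QueueID as in its stock filter; the $FoundVirus flag and the notice wording are made up for illustration.

```perl
# Fragment of a mimedefang-filter (illustrative, not the project's own code).
# filter_begin/filter_end and the globals $VirusName, $Subject and $QueueID
# are provided by mimedefang.pl when the filter is loaded.
use strict;
use warnings;
use MIME::Entity;
our ($VirusName, $Subject, $QueueID);

# Hypothetical per-message flag. Filter processes are reused for many
# messages, so it is reassigned in filter_begin on every message.
my $FoundVirus = 0;

sub filter_begin {
    my ($entity) = @_;
    my ($code, $category, $action) = message_contains_virus();
    $FoundVirus = ($category eq 'virus') ? 1 : 0;

    # Keep the original on the mail server; this alone does not change
    # what is delivered to the recipient.
    action_quarantine_entire_message("Virus $VirusName detected")
        if $FoundVirus;
}

sub filter_end {
    my ($entity) = @_;
    return unless $FoundVirus;

    # Build the notice as plain text only. No part of the infected body is
    # copied into it, and the (possibly forged) sender is not contacted.
    my $notice = MIME::Entity->build(
        Type     => 'text/plain',
        Encoding => 'quoted-printable',
        Data     => [
            "A message addressed to you was found to contain a virus\n",
            "($VirusName) and has been placed in quarantine.\n\n",
            "If you believe the message was legitimate, contact your mail\n",
            "administrator and quote this queue ID: $QueueID\n",
        ],
    );

    # The original headers are kept, so tag the Subject to let recipients
    # sort these notices into a folder of their own.
    action_change_header('Subject', "[VIRUS REMOVED] $Subject");

    # Only valid inside filter_end: swap the whole body for the notice.
    replace_entire_message($notice);
}
```

Because the message is replaced rather than discarded, the From: header the recipient sees is still the one the virus supplied.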


