wblock at wonkity.com
Sun Apr 18 07:05:07 PDT 2004
On Sat, 17 Apr 2004, Matthew Seaman wrote:
> On Sat, Apr 17, 2004 at 02:00:59PM -0400, Chuck Swiger wrote:
> > Warren Block wrote:
> > >What do people do for milter logging? A MAILER-DAEMON message for every
> > >virus caught by clamav-milter is a little annoying (both to the intended
> > >recipient and to postmaster), but I'm hesitant to just discard them.
> clamav-milter logs what it does to syslog very effectively. The
> warning messages to postmaster aren't really necessary but for a low
> traffic site, they do give you some vicarious pleasure for a while.
My mistake was that in trying to make sure I didn't bounce virus mail to
forged From: addresses, I overrode the default clamav-milter flags with
just -N (--noreject). This was not the correct option, and not the only
option needed. "--quiet --local --outgoing --max-children=50" seems to
be more like what was needed.
> > Refusing to accept viral mail is the best option if you can; failing that,
> > I discard such messages. Frankly, I gave up bouncing viral mail after I
> > got tired of answering complaints when someone got a bounce from a
> > forgery...
I've said elsewhere that it's silly for an antivirus program to trust
*any* information in a known virus-generated message. That would
include bouncing to the From: address.
> Yes -- rejecting the messages at the SMTP DATA stage is the way to go.
Which is what is accomplished with clamav-milter, at least with the
right combination of flags. 8-)
I'd still like some summary logging of the results; if a system has sent
a lot of viruses recently, it may be necessary to reject them through
access.db, or even at the firewall.
-Warren Block * Rapid City, South Dakota USA
More information about the freebsd-questions