Re: [Exim] MyDoom filtering?

Author: Tony Finch
Date:  
To: masta
CC: exim-users
Subject: Re: [Exim] MyDoom filtering?
Nico Erfurth <masta@???> wrote:
>
>Which brings up another question, "To reject, or not to reject".
>How do others handle virus-mails? Sending them into a blackhole,
>rejecting them or saving them for later investigation?


We use MailScanner, which operates after messages have been accepted.
If the scanner finds a virus in a message, it replaces the attachment
with a notice saying why it was removed. This is also done to messages
that use dangerous attachment file names (e.g. .exe) or which file(1)
says are executable. The recipient of the message is therefore protected,
and is informed enough to decide if the message can be deleted, or if
they need to ask their correspondent to re-send the attachment in a
zip file etc.

Messages containing viruses on a special list (e.g. Mydoom, Sobig) are
just deleted.

I wasn't happy with the state of exiscan when I started the scanner
project. It seems much more powerful now, and since I would like to do
more SMTP-time rejection it looks like a good bet. I'll probably keep
the MailScanner installation for internal email, since it's friendlier
towards MUAs.

Tony.
--
f.a.n.finch <dot@???> http://dotat.at/
THAMES DOVER WIGHT PORTLAND PLYMOUTH: NORTHWESTERLY 4 OR 5, INCREASING 6 OR 7,
PERHAPS GALE 8 LATER IN THAMES. OCCASIONAL RAIN AND SNOW. MODERATE OR GOOD.
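
The post-acceptance policy described in the message above (replace an attachment with a notice when its file name is dangerous or its content is executable), as an added example that is not part of the original post and is not MailScanner's code. The extension list, the magic-byte check standing in for file(1), and all function names are assumptions made for this sketch.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed policy values for this sketch; not MailScanner's real rule set.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat")
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")  # stand-in for what file(1) would report


def verdict(filename, payload):
    """Return the reason a part must be removed, or None to keep it."""
    if filename.lower().endswith(BLOCKED_EXTENSIONS):
        return "dangerous attachment file name"
    if payload.startswith(EXECUTABLE_MAGIC):
        return "content is an executable"
    return None


def disarm(raw_bytes):
    """Replace offending parts with a notice; return (message, removed names)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(unnamed)"
        reason = verdict(name, part.get_payload(decode=True) or b"")
        if reason is None:
            continue
        removed.append(name)
        # set_content() clears the old Content-* headers and payload of this part.
        part.set_content(f"The attachment {name} was removed: {reason}.\n"
                         "Ask the sender to re-send it in a zip file if needed.\n")
    return msg, removed


def build_sample():
    """Constructed message: text body, a disguised executable, a PDF, a .exe name."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.\n")
    msg.add_attachment(b"MZ\x90\x00fake", maintype="application",
                       subtype="octet-stream", filename="report.doc")
    msg.add_attachment(b"%PDF-1.4 fake", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"not really code", maintype="application",
                       subtype="octet-stream", filename="photo.jpg.exe")
    return msg.as_bytes()
```

Calling `disarm(build_sample())` leaves the PDF untouched and swaps the other two attachments for plain-text notices, so the recipient still sees that something was sent and why it was removed.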