Mike Leone
2003-08-25 16:08:19 UTC
I'm using amavisd-new 20030616p3-1, on Debian testing. I've been told that I
am sending out sender notifications for SOBIG.F, and I can't see why.
I want viruses rejected (no sender notifications; no recipient
notifications; do want virus admin notified; do want viruses quarantined);
(Note: we don't ban by filenames/type):
----------------------------------------------------------------------------
$final_virus_destiny = D_REJECT; # (defaults to D_BOUNCE)
$final_banned_destiny = D_PASS; # (defaults to D_BOUNCE)
#$warnvirussender = 1; # (defaults to false (undef))
#$warnspamsender = 1; # (defaults to false (undef))
#$warnvirusrecip = 1; # (defaults to false (undef))
#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals)
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|sobig'i );
$QUARANTINEDIR = '/var/amavis';
#$virus_quarantine_method = "local:virus-%i-%n"; # default
$virus_admin = "virusalert\@$mydomain";
$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
$banned_filename_re = undef;
----------------------------------------------------------------------------
That should do what I want, right? Here's the notice that virus admin (i.e.,
me), gets:
A virus (Worm.Sobig.F) was found.
Scanner detecting a virus: Clam Antivirus-clamd
The mail originated from: <?@[206.74.13.123]>
According to the 'Received:' trace, the message originated at:
UPSTAIRS (unknown [206.74.13.123])
Notification to sender will not be mailed.
The message WILL NOT BE delivered to:
< ... >:
550 5.7.1 Message content rejected, id=06652-06 - VIRUS: Worm.Sobig.F
Virus scanner output:
/var/lib/amavis/amavis-20030825T114602-06652/parts/part-00002:
Worm.Sobig.F FOUND
The message has been quarantined as:
/var/amavis/virus-20030825-115307-06652-06
-----------------------------------------
So there should be no way I'm spewing out sender notifications, is there? I
got a complaint from some admin at a local college, who says that I am.
Am I?
am sending out sender notifications for SOBIG.F, and I can't see why.
I want viruses rejected (no sender notifications; no recipient
notifications; do want virus admin notified; do want viruses quarantined);
(Note: we don't ban by filenames/type):
----------------------------------------------------------------------------
$final_virus_destiny = D_REJECT; # (defaults to D_BOUNCE)
$final_banned_destiny = D_PASS; # (defaults to D_BOUNCE)
#$warnvirussender = 1; # (defaults to false (undef))
#$warnspamsender = 1; # (defaults to false (undef))
#$warnvirusrecip = 1; # (defaults to false (undef))
#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals)
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|sobig'i );
$QUARANTINEDIR = '/var/amavis';
#$virus_quarantine_method = "local:virus-%i-%n"; # default
$virus_admin = "virusalert\@$mydomain";
$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
$banned_filename_re = undef;
----------------------------------------------------------------------------
That should do what I want, right? Here's the notice that virus admin (i.e.,
me), gets:
A virus (Worm.Sobig.F) was found.
Scanner detecting a virus: Clam Antivirus-clamd
The mail originated from: <?@[206.74.13.123]>
According to the 'Received:' trace, the message originated at:
UPSTAIRS (unknown [206.74.13.123])
Notification to sender will not be mailed.
The message WILL NOT BE delivered to:
< ... >:
550 5.7.1 Message content rejected, id=06652-06 - VIRUS: Worm.Sobig.F
Virus scanner output:
/var/lib/amavis/amavis-20030825T114602-06652/parts/part-00002:
Worm.Sobig.F FOUND
The message has been quarantined as:
/var/amavis/virus-20030825-115307-06652-06
-----------------------------------------
So there should be no way I'm spewing out sender notifications, is there? I
got a complaint from some admin at a local college, who says that I am.
Am I?