Scalix Forums

I'm trying to set up a new server with McAfee doing the virus scanning. It's all working inasmuch as virally-laden emails are being detected and dropped, but what I want to do is to strip infected attachments from emails but to deliver them with a system addition warning the recipient that the attachment has been removed due to virus - the same behaviour as we have at the moment with our exim/mailscanner/mcafee setup.

I DON'T want to send notification to the sender because of the number of spam viruses.

ALL-ROUTES.VIR currently contains:

VIRUS-UNCLEANED=1 ACTION=DISCARD
VIRUS-UNCLEANED=0 VIRUS-FOUND=1 ACTION=ALLOW

which is passing clean emails but dropping all infected ones, rather than stripping the attachment. What am I doing wrong?

Hi,

you are doing nothing wrong. If you need to strip the attachments, use MIMEdefang on the perimeter.

On a sidenote, there are no more viruses that attach themselves to legitimate email. Hence, a warning to the recipient is unneccessary as the mail address was most likely harvested and generated by the virus. So there is no point in warning the user ...

Cheers,

Sascha.

Thanks for the quick response. I wasn't clear enough, though. I only want attachments to be stripped if they contain viruses, not otherwise, so this isn't something I want to do on the perimeter.

garethm wrote:I only want attachments to be stripped if they contain viruses, not otherwise, so this isn't something I want to do on the perimeter.

Still, Sascha's point is a valid one. Why do you want to send these messages to the recipient? Those mails are trash anyway.

Not all of them are. I know it's very rare these days, but if a real human being accidentally (manually) emailed a virus-infected file, I'd want to know about it. Perhaps you're right, though.