Thinking about this a little more, what is the real requirement to have the local mail administrator notified that an external person attempted to send a virus to one of their users?
Armed with this information, what is the mail administrator then going to do?
If the requirement is for the mail administrator to get a warm fuzzy feeling that virus e-mails are being caught, or there is a need to see how many virus e-mails are arriving at the company then this information can potentially be gleaned from the Scalix audit log files.
e.g. if I enable audit logging (to at least level 9) on the Service router then I can see in the audit log (~scalix/logs/audit):
routing
time 1118314620 Thu Jun 9 03:57:00 2005 -420
type 0 message
priority 0 normal
sensitivity 0 normal
importance 0 normal
created-locally 1
hop-count 1
originator .....originator information......
subject test virus reject
ua-message-id H00000f500386b21.1118314609.host.foobar.com
mta-message-id H00000f500386b21.1118314609.host.foobar.com
part-size 215
part-type 1166 DISTRIBUTION LIST
part-size 1091
part-type 2130 Microsoft RTF
part-size 69
part-type 0 BINARY FILE
virus-uncleaned Eicar-Test-Signature
recipient-to ......recipient information.......
ack-req 0 none
message-filter-info +VIRUS-UNCLEANED=REJECT
non-delivery-reason 8
max-nest-depth 0
message-size 8797
part-count 3
delivered-count 0
So I can see who sent the message, who it was destined for what the virus was and the action taken.
A script could be written to harvest this information from the audit files on a regular basis in order to keep the mail administrator informed of what is happening.
Any good?
Cheers,
JG