Need rule to change subject of email

Posted: Fri Mar 02, 2007 3:54 pm
by obelix_79
Hi

I check all email traffic with clamav. Now I want a rule to mark each email containing a virus by adding a notice like *** VIRUS *** before the rest of the subject. I want to do this if the virus could be removed and also if it could not be removed. Is it possible to change the subject of an email with a rule?

Thanks

Posted: Fri Mar 02, 2007 5:04 pm
by kanderson
Clam does not rewrite mail headers as far as I know.

If you leave Spamassassin or Amavis or something similar to do the filtering, this should be fairly trivial. Course, this won't scan internal only email.

Kev.

Posted: Fri Mar 02, 2007 5:20 pm
by obelix_79
I thought I could do this in the file ALL-ROUTES.VIR manually. Isn't this possible?

Posted: Fri Mar 02, 2007 5:32 pm
by dkelly
There isn't a way to do this with Scalix.

Also, be aware that clamav doesn't have any cleaning features so it's not possible to remove the virus if it's detected. Their take on that is that once a virus has been removed, the message is pretty much useless anyway.

Scalix best practice recommendation is to discard the message immediately and *not* send any notification. This is for a couple of reasons:

1) The originator is usually spoofed and so you're just creating extra traffic by generating non-Deliveries.

2) If you notify the recipient every time they had a virus-infected message delivered to them, that's no better than spam.

Cheers

Dave

Posted: Fri Mar 02, 2007 5:47 pm
by obelix_79
That's the reason why I want only to mark a message by changing the subject, so that the user can decide what to do with this message. So if the whole message is useless when it is infected I think that clamav isn't a solution for me. Are there any free alternatives to clamav?

Posted: Fri Mar 02, 2007 7:17 pm
by kanderson
As I said, use amavis to scan incoming, this will rewrite headers for you. This will work, but it will not scan internal only mail.

I'm fairly certain that you'll find that internal messages can't have their headers rewritten.

Kev.