The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ACL help with clamavconnector

Discussion in 'General Discussion' started by mealto, Jun 4, 2008.

  1. mealto

    mealto Well-Known Member

    Joined:
    Oct 20, 2006
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    So with the help of cpanel tech support, we have this ACL portion working with clamavconnector. It will delete / reject any emails that contain a virus but it will also send a rejection notice to the sender. Most email viruses that come in to our server are from hackers and spammers. We do not want to broadcast to them that they have even reached a destination. Can someone help us tweak the codes so that:

    1. Instead of a rejection notice to the sender, we would like to silently delete the email with the virus without notifying the sender.

    2. Even better if we can set it up so that the codes can disable the rejection notice, delete the email and virus, then send us a warning email.

    Is that possible? Here is what we have now.

    ----
    #antivirus scanning begin
    deny message = This message contains malformed MIME ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}

    deny message = This message contains a virus or other harmful content
    ($malware_name)
    demime = *
    malware = *

    deny message = This message contains an attachment of a type which we do not
    accept (.$found_extension)
    demime = bat:com:pif:prf:scr:vbs

    warn message = X-Antivirus-Scanner: Our antivirus has found this message to be
    clean, but you should check it with your own to be sure.
    #antivirus scanning end
    ----
     
    #1 mealto, Jun 4, 2008
    Last edited: Jun 4, 2008
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Assuming it is rejecting during SMTP time if there is a virus, why in the world would you want to change this by accepting/dropping it and not notifying the sender? If it's rejecting during SMTP time, you aren't _bouncing_ back the email and thus are not participating in backscatter. You're doing the rihgt thing. And, if the sender was a legitimate sender who had a virus in the email that they sent, it sure helps them to be notified. If the sender is a forged sender, so what - it's not your server that would be sending a message back.

    If your server is going to take the time to virus-scan the message in the first place, then the least resource intensive thing to do is just reject it while the SMTP transaction is still open so that the sending mail server or virus-infected machine gets the picture.

    It can't hurt you to reject with a specific message as long as you are truly rejecting during SMTP rather than accepting/bouncing it.

    Mike
     
  3. mealto

    mealto Well-Known Member

    Joined:
    Oct 20, 2006
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    The reason that we want to stop the notification email is that as of now, 100% of the viruses that have come in to our server has been from a hacker / spammer.

    The notification email contains a message that was pulled from the above ACL. Wouldn't that mean that the server had something to do with the notification message? If so, I would also hazard a guess that there is a potential our server or IP or email address would be announced to the spammer. Is that not the case?

    We do not want to send a notification email after a virus has been detected. Is there a way to do this? Any help would be appreciated.
     
  4. mealto

    mealto Well-Known Member

    Joined:
    Oct 20, 2006
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    Anyone have a way to do the above?
     
  5. mealto

    mealto Well-Known Member

    Joined:
    Oct 20, 2006
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    Can anyone help? Last try.
     
Loading...

Share This Page