From: Mark M. <Mar...@ij...> - 2004-04-14 14:02:49
Florian,

| $viruses_that_fake_sender_re = new_RE(..., [qr/.*/ => 1]);
|
| With that, I hope to limit the risks of false notifies and DDOS attacks
| using notifies. Everything seems to be okay, someone always gets notified
| when a message is being dropped. However, there is one case no notification
| is sent: when a local user sends a message with a virus attached to a remote
| one. Sometimes, virus scanners have false alarms and then messages are
| silently dropped that have no viruses. This is something that is not good.
| Do you have any idea what could be tweaked on the above configuration to
| limit that risk?

- complain to virus scanner vendor when a scanner produces a false positive
  (ClamAV sometimes does it - send them inappropriately qualified samples)

- virus admin receives in the subject line a best guess IP address
  of the SMTP client, e.g. '...FROM <?@[211.159.91.69]>'
  A procedure can be devised to issue a warning if the IP address
  belongs to local networks. The true user e-mail address remains unknown.

Mark
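
One way such a procedure could look, as an added example that is not part of the original post and is not amavisd-new code: it reads the subject of a virus admin notification, extracts the bracketed best-guess client IP, and returns a warning when that address falls inside a local network. The network ranges, the function names, the `IPv6:` literal handling and the sample subjects are assumptions; only the `FROM <?@[...]>` form comes from the post.

```python
import ipaddress
import re

# Assumed site-specific ranges; replace with the networks your MTA treats as local.
LOCAL_NETWORKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Best-guess client address as quoted in the post: FROM <?@[211.159.91.69]>
FROM_IP_RE = re.compile(r"FROM\s+<\?@\[([^\]]+)\]>")


def client_ip_from_subject(subject):
    """Return the bracketed client IP from a notification subject, or None."""
    match = FROM_IP_RE.search(subject)
    if not match:
        return None  # sender was not replaced by an IP guess
    literal = match.group(1)
    # Assumption: an IPv6 client may appear as an RFC 5321 literal "IPv6:...".
    if literal.lower().startswith("ipv6:"):
        literal = literal[5:]
    try:
        return ipaddress.ip_address(literal)
    except ValueError:
        return None  # malformed address, nothing to act on


def local_sender_warning(subject, local_networks=LOCAL_NETWORKS):
    """Return a warning string if the guessed client IP is local, else None."""
    ip = client_ip_from_subject(subject)
    if ip is None:
        return None
    for net in local_networks:
        if ip.version == net.version and ip in net:
            return (f"Infected mail dropped from local host {ip} ({net}); "
                    "sender was not notified, check for a false positive")
    return None


if __name__ == "__main__":
    # Constructed sample subjects; only the FROM <?@[...]> part follows the post.
    samples = [
        "VIRUS (Sample.Name) FROM <?@[192.168.10.25]>",
        "VIRUS (Sample.Name) FROM <?@[211.159.91.69]>",
    ]
    for subject in samples:
        print(subject, "->", local_sender_warning(subject) or "remote, no warning")
```

The warning identifies only the host, so mapping it to a user still depends on local records such as DHCP leases or SMTP authentication logs.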