Mailing List Archive

[clamav-users] Clamav-milter finds postive, goes to hold queue
Another question from the peanut gallery (a kids TV show reference from
the 1950's. Which should tell you something) . . .

With a local test email EICAR is detected and fed back to postfix.
Ends up in hold queue as you would expect as
per below as /var/log/mail says: (snipped)

"postfix/cleanup[18137]: 686483954B: milter-hold: END-OF-MESSAGE from localhost[127.0.0.1]: milter triggers HOLD action; from="

Probably this is a postfix thing, and I need to deal with that but, just for a sanity check (always a treat) is there something in /etc/clamav-milter.conf
or elsewhere on the clamav side that can change that behavior (while preserving the email for further disposition that is)?

Just FYI at this point, wisp of idea is to process the hold queue (given the milter hold action will not change),
alter the subject line per the "X-Virus-Status: Infected" text in the header and forward it on to the user,
generally me.

joe a.




_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
Quoting Joe Acquisto-j4 <joea@j4computers.com>:

> Another question from the peanut gallery (a kids TV show reference from
> the 1950's. Which should tell you something) . . .
>
> With a local test email EICAR is detected and fed back to postfix.
> Ends up in hold queue as you would expect as
> per below as /var/log/mail says: (snipped)
>
> "postfix/cleanup[18137]: 686483954B: milter-hold: END-OF-MESSAGE
> from localhost[127.0.0.1]: milter triggers HOLD action; from="
>
> Probably this is a postfix thing, and I need to deal with that but,
> just for a sanity check (always a treat) is there something in
> /etc/clamav-milter.conf
> or elsewhere on the clamav side that can change that behavior (while
> preserving the email for further disposition that is)?
>
> Just FYI at this point, wisp of idea is to process the hold queue
> (given the milter hold action will not change),
> alter the subject line per the "X-Virus-Status: Infected" text in
> the header and forward it on to the user,
> generally me.

You probably want to look up how to process messages from the HOLD
queue in Postfix.


Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
> Quoting Joe Acquisto-j4 <joea@j4computers.com>:
>
>> Another question from the peanut gallery (a kids TV show reference from
>> the 1950's. Which should tell you something) . . .
>>
>> With a local test email EICAR is detected and fed back to postfix.
>> Ends up in hold queue as you would expect as
>> per below as /var/log/mail says: (snipped)
>>
>> "postfix/cleanup[18137]: 686483954B: milter-hold: END-OF-MESSAGE
>> from localhost[127.0.0.1]: milter triggers HOLD action; from="
>>
>> Probably this is a postfix thing, and I need to deal with that but,
>> just for a sanity check (always a treat) is there something in
>> /etc/clamav-milter.conf
>> or elsewhere on the clamav side that can change that behavior (while
>> preserving the email for further disposition that is)?
>>
>> Just FYI at this point, wisp of idea is to process the hold queue
>> (given the milter hold action will not change),
>> alter the subject line per the "X-Virus-Status: Infected" text in
>> the header and forward it on to the user,
>> generally me.
>
> You probably want to look up how to process messages from the HOLD
> queue in Postfix.
>

Strikes me my first thought may be a poor choice.

Wondering now what people generally do with infected mail? That is, is there a
general consensus?

Would it be "safe" (for the systems) to simply send the mail through, to the end
user and merely tag the subject line with "Virus Detected" as SPAM messages
are done? Send them to a quarantine mailbox for human review? Notify an
administrator there is email being "held"?

joe a.



Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
> Wondering now what people generally do with infected mail? That is, is there a
> general consensus?
>
> Would it be "safe" (for the systems) to simply send the mail through, to the end
> user and merely tag the subject line with "Virus Detected" as SPAM messages
> are done? Send them to a quarantine mailbox for human review? Notify an
> administrator there is email being "held"?

No.
Assuming that Postfix received the message by SMTP (unless you know
different, this is very likely) it should be able to *reject*
the message when it detects the infection.
This leaves the problem with the sending system.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
Hi there,

On Wed, 24 Feb 2021, Andrew C Aitchison via clamav-users wrote:
> On Tue, 23 Feb 2021, Joe Acquisto-j4 wrote:
>
>> Wondering now what people generally do with infected mail? That is, is
>> there a general consensus?
>>
>> Would it be "safe" (for the systems) to simply send the mail through, to the end
>> user and merely tag the subject line with "Virus Detected" as SPAM messages
>> are done? Send them to a quarantine mailbox for human review? Notify an
>> administrator there is email being "held"?
>
> No.

Agreed.

> ... Postfix ... should be able to *reject* the message ...
> This leaves the problem with the sending system.

Agreed, this is the safest approach.

But I urge those of you who are capable and comfortable with it to
TEMPFAIL instead of REJECT, then report the spam to Spamcop etc. if
you can. Not only does this tie up more resources for the offender,
but when the likes of Microsoft then try to send it again, from a thousand
and twenty-two other IP addresses, you can report them all as well.

Hotmail accounts are the single worst offender by far at the moment,
so all Hotmail messages are rejected here even if they aren't spam,
but all the spam is reported to at least four spam clearing houses.

--

73,
Ged.
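
The reject and tempfail dispositions recommended in the replies above are selected on the ClamAV side by the `OnInfected` option in clamav-milter.conf, which is what the original question asked about. The following is an added example, not code from the thread or from the ClamAV project: it reads a clamav-milter.conf and reports what happens to infected mail. Option names, action names and defaults follow clamav-milter.conf.sample; the two sample configurations and the function names are constructed for illustration.

```python
# Added example: audit a clamav-milter.conf for the fate of infected mail.
# Option/action names and defaults follow clamav-milter.conf.sample.

DOCUMENTED_DEFAULTS = {"OnClean": "Accept", "OnInfected": "Quarantine", "OnFail": "Defer"}

# What the sending SMTP client sees, and where the message ends up.
SMTP_EFFECT = {
    "Accept": "accepted and delivered",
    "Reject": "refused with a 5xx reply during the SMTP conversation",
    "Defer": "refused with a 4xx reply (tempfail); the client retries",
    "Blackhole": "accepted, then silently discarded",
    "Quarantine": "accepted, then quarantined (the Postfix hold queue)",
}

# Constructed sample: OnInfected is not set, so the default (Quarantine) applies.
DEFAULT_DISPOSITION = """\
# OnInfected is not set here
AddHeader Replace
RejectMsg "Rejected: %v found"
"""

# Constructed sample: refuse infected mail while the sender is still connected.
REJECTING = """\
OnInfected Reject
OnFail Defer
AddHeader Replace
RejectMsg "Rejected: %v found"
"""


def parse_conf(text):
    """Parse 'Option Value' lines; '#' starts a comment, the last occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        settings[parts[0]] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return settings


def audit(text):
    """Return (effective dispositions, list of findings) for a config text."""
    conf = parse_conf(text)
    effective = {opt: conf.get(opt, dflt) for opt, dflt in DOCUMENTED_DEFAULTS.items()}
    findings = []
    for opt, action in effective.items():
        if action not in SMTP_EFFECT:
            findings.append(f"{opt} {action}: not a documented action name")
    infected = effective["OnInfected"]
    if infected == "Accept":
        findings.append("OnInfected Accept: infected mail is delivered to the recipient")
    elif infected == "Quarantine":
        findings.append("OnInfected Quarantine: mail is accepted and parked in the "
                        "hold queue until someone reviews it")
    elif infected == "Blackhole":
        findings.append("OnInfected Blackhole: mail is accepted then dropped, so a "
                        "false positive disappears without notice")
    if effective["OnFail"] == "Accept":
        findings.append("OnFail Accept: unscanned mail is delivered whenever the "
                        "scanner is unavailable")
    if "RejectMsg" in conf and infected != "Reject":
        findings.append("RejectMsg is set but only takes effect with OnInfected Reject")
    return effective, findings


if __name__ == "__main__":
    for name, text in (("default disposition", DEFAULT_DISPOSITION),
                       ("rejecting", REJECTING)):
        effective, findings = audit(text)
        print(f"[{name}]")
        for opt, action in effective.items():
            print(f"  {opt:<10} {action:<10} -> {SMTP_EFFECT.get(action, 'unknown')}")
        for finding in findings:
            print(f"  NOTE: {finding}")
```
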

Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
>> Quoting Joe Acquisto-j4 <joea@j4computers.com>:
>>
>>> Another question from the peanut gallery (a kids TV show reference from
>>> the 1950's. Which should tell you something) . . .
>>>
>>> With a local test email EICAR is detected and fed back to postfix.
>>> Ends up in hold queue as you would expect as
>>> per below as /var/log/mail says: (snipped)
>>>
>>> "postfix/cleanup[18137]: 686483954B: milter-hold: END-OF-MESSAGE
>>> from localhost[127.0.0.1]: milter triggers HOLD action; from="
>>>
>>> Probably this is a postfix thing, and I need to deal with that but,
>>> just for a sanity check (always a treat) is there something in
>>> /etc/clamav-milter.conf
>>> or elsewhere on the clamav side that can change that behavior (while
>>> preserving the email for further disposition that is)?
>>>
>>> Just FYI at this point, wisp of idea is to process the hold queue
>>> (given the milter hold action will not change),
>>> alter the subject line per the "X-Virus-Status: Infected" text in
>>> the header and forward it on to the user,
>>> generally me.
>>
>> You probably want to look up how to process messages from the HOLD
>> queue in Postfix.
>>
>
> Strikes me my first thought may be a poor choice.
>
> Wondering now what people generally do with infected mail? That is, is
> there a
> general consensus?
>
> Would it be "safe" (for the systems) to simply send the mail through, to the
> end user and merely tag the subject line with "Virus Detected" as SPAM messages
> are done? Send them to a quarantine mailbox for human review? Notify an
> administrator there is email being "held"?
>
> joe a.
>
>

I tend to agree with the "NO" votes. But, in the postfix "FILTER_README"
the author(s) suggest it is not a great idea, these days, to send the email
back to the sender, as the sender is very likely to be "spoofed". I guess there
are different ways of looking at that particular avenue.

For now I will settle on a cron job script that peeks at the hold queue every so often and
alerts someone (me) with an alert. I would have thought there was some mechanism
already built in to the milter, or postfix, to do that (optionally) but I've not stumbled on
one thus far.




Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
Hi there,

On Wed, 24 Feb 2021, Joe Acquisto-j4 wrote:

> I tend to agree with the "NO" votes. But, in the postfix "FILTER_README"
> the author(s) suggest it is not a great idea, these days, to send the email
> back to the sender, as the sender is very likely to be "spoofed".

You need to understand the 'SMTP conversation', and the difference
between a REJECT issued during that conversation and what many people
call a 'bounce' which takes place after it's over. This is important
for anyone using electronic mail seriously.

The SMTP conversation takes place between a client (the one trying to
send the mail) and a server (the one that acts for the recipient to
whom the client is trying to send the mail). One of them will usually
be an MTA, like Sendmail or Postfix, but the other one EITHER might be
your 'mail client' - which is a different usage of the word 'client' -
like Thunderbird or (Heaven help us) Outlook, OR might be some server
which is acting on the sender's behalf through some arrangement they
have (like those accursed free Hotmail accounts).

The object of the conversation is for the client to hand the message
to the server and the server then to acknowledge responsibility for it.
There can be a long chain of servers, each acting as a server when it
takes mail from the client which is one hop along the chain nearer the
originator, and as a client when it sends mail on to the next server.

At some point the client says to the server "I want to send this" and
the server can respond "no thanks, go away". That means the mail was
not accepted by the server. It was a REJECT. In that case the client
usually gets back to the original sender (whoever it was) and says the
equivalent of "Sorry, no can do". The original sender is NOT the mail
address in the "From:" header in the message itself. We might never
know who it was. It's the job of the client to handle that, and some
of them don't even bother with it - especially if the client (or *its*
client) is a bot in a botnet sending billions of spam messages daily.

Now if the server instead ACCEPTs the message and then you try to send
a message back to the address given in the "From:" header, you have a
problem. The problem being that more than 90% of "From:" addresses are
forged and you've no idea if the sender really has the address given in
the "From:" header. That's the hopelessly insecure way it was designed
in the 1970s when we trusted everyone and nobody ever heard of malware.
So don't do that, it's called "backscatter spam", and, by doing it, you
just became part of the problem. And it's a BIG problem, it costs the
collective legitimate users on the planet billions of dollars annually.

> For now I will settle on a cron job script that peeks at the hold
> queue every so often and alerts someone (me) with an alert. I would
> have thought there was some mechanism already built in to the
> milter, or postfix, to do that (optionally) but I've not stumbled on
> one thus far.

It's not the job of either a milter or of Postfix to do all that.

It's your job, because only you can know the circumstances (including
the possible ramifications of a message getting lost, which range from
"nobody cares" to "all hell breaks loose in the HR department, people
get fired, people die, companies go bankrupt...").

This has probably drifted as far OT for this list as it should go.
Welcome to the delights of running your own mail server. I've been
doing it for over a quarter of a century, and I wouldn't have it any
other way, but it ain't all roses. Perhaps you could share with us
why you feel the need to do it?

--

73,
Ged.

Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
On 2/24/21 6:26 AM, Joe Acquisto-j4 wrote:
> For now I will settle on a cron job script that peeks at the hold queue
> every so often and alerts someone (me) with an alert.

*nod*nod*

I have a daily cron job that runs a script which shows me:

- Number of messages which are:
- Normally queued messages for the MTA
- Held (Postfix parlance) / Quarantined (Sendmail parlance)
messages for the MTA
- Normally queued messages for the MSA
- Output of mailq for:
- Held / Quarantined messages
- Normally queued messages for the MSA

I don't show the output for the normally queued messages for the MTA
because that's a constant state of flux and working like it should.

I mainly care to see held / quarantined messages and if something's
wrong with the MSA queue.

> I would have thought there was some mechanism already built in to the
> milter, or postfix, to do that (optionally) but I've not stumbled on
> one thus far.

There is. The command is called "mailq". It's designed to print status
to STDOUT and be consumed by a human. Many people have this output
emailed to them or apply some sort of script logic to it.

Note: This MTA administration is decidedly NOT the milter's job. The
milter's job is to filter discrete messages and return a -1 / 0 / 1
status to the MTA. The MTA is what's responsible for managing /its/ queue.



--
Grant. . . .
unix || die
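
The cron-driven check described in the messages above, as an added example that is not part of the original posts: it parses the JSON output of `postqueue -j` (assumes Postfix 3.1 or later), counts messages per queue and lists only the held ones. The sample queue entries are constructed, apart from the queue ID taken from the log line quoted in this thread; function names are hypothetical.

```python
import json
import subprocess
import sys
from collections import Counter
from datetime import datetime, timezone

# Constructed sample of `postqueue -j` output: one JSON object per line.
SAMPLE = "\n".join([
    json.dumps({"queue_name": "hold", "queue_id": "686483954B",
                "arrival_time": 1614092400, "message_size": 1270,
                "sender": "tester\x1b[31m@example.org",   # embedded escape sequence
                "recipients": [{"address": "joe@example.net"}]}),
    json.dumps({"queue_name": "deferred", "queue_id": "7A1C23954C",
                "arrival_time": 1614096000, "message_size": 5321,
                "sender": "list@example.com",
                "recipients": [{"address": "user@example.net",
                                "delay_reason": "connection timed out"}]}),
    json.dumps({"queue_name": "hold", "queue_id": "9F00B3954D",
                "arrival_time": 1614099600, "message_size": 88213,
                "sender": "sales@example.com",
                "recipients": [{"address": "a@example.net"},
                               {"address": "b@example.net"}]}),
])


def parse_queue(text):
    """Parse `postqueue -j` output: one JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def clean(value):
    """Addresses are sender-controlled: neutralise control characters before display."""
    return "".join(ch if ch.isprintable() else "?" for ch in str(value))


def hold_report(entries, now):
    """Return (held_count, report_text); `now` is a Unix timestamp."""
    counts = Counter(e.get("queue_name", "unknown") for e in entries)
    held = sorted((e for e in entries if e.get("queue_name") == "hold"),
                  key=lambda e: e.get("arrival_time", 0))
    lines = ["Queue totals: " +
             ", ".join(f"{name}={n}" for name, n in sorted(counts.items()))]
    for e in held:
        age_h = (now - e.get("arrival_time", now)) / 3600
        rcpts = ", ".join(clean(r.get("address", "?"))
                          for r in e.get("recipients", []))
        lines.append(f"HELD {clean(e.get('queue_id'))} age={age_h:.1f}h "
                     f"size={e.get('message_size', 0)} "
                     f"from={clean(e.get('sender'))} to={rcpts}")
    return len(held), "\n".join(lines)


def main():
    out = subprocess.run(["postqueue", "-j"], capture_output=True,
                         text=True, check=True).stdout
    held, report = hold_report(parse_queue(out),
                               datetime.now(timezone.utc).timestamp())
    if held:  # stay silent when nothing is held, so cron only mails on findings
        print(report)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run from cron, the script produces output (and therefore a cron mail) only when something is in the hold queue. A held message can then be inspected with `postcat -q QUEUE_ID`, released with `postsuper -H QUEUE_ID` or deleted with `postsuper -d QUEUE_ID`.
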
Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
. . .
> This has probably drifted as far OT for this list as it should go.
> Welcome to the delights of running your own mail server. I've been
> doing it for over a quarter of a century, and I wouldn't have it any
> other way, but it ain't all roses. Perhaps you could share with us
> why you feel the need to do it?
>
> --
>
> 73,
> Ged.
>

Thanks for your reply.

In short, I do it because I want to.

As to why I decided to add AV to my own system, that was mainly
motivated by a spate of questionable emails seemingly of phish nature
as they were unsolicited and had attachments appearing to be Word
or Excel documents purporting to contain "vital information". While
easy enough to dismiss, it became of interest to me how these might
have slipped through my provider's AV and thought it a good excuse
to engage in a bit of "fun" and brain exercise.

To "fill in the blanks". For some years prior to my
retirement several years ago, from active paid employment,
I managed as a contractor an email system for a state
agency with over 5,000 users. My involvement in computers/"IT"
dates to the 1970's, (and before) an era of discrete circuits, magnetic
core memory, punch cards and patch panels.

Back OT, my post was about dealing with items that have already
been processed and are in the postfix HOLD queue, per the action
of clamav-milter, waiting for disposition in some way.

Sorry if my queries irritate you at all, as I presume they must have.

joe a.


Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
> On 2/24/21 6:26 AM, Joe Acquisto-j4 wrote:
>> For now I will settle on a cron job script that peeks at the hold queue
>> every so often and alerts someone (me) with an alert.
>
> *nod*nod*
>
> I have a daily cron job that runs a script which shows me:
>
> - Number of messages which are:
> - Normally queued messages for the MTA
> - Held (Postfix parlance) / Quarantined (Sendmail parlance)
> messages for the MTA
> - Normally queued messages for the MSA
> - Output of mailq for:
> - Held / Quarantined messages
> - Normally queued messages for the MSA
>
> I don't show the output for the normally queued messages for the MTA
> because that's a constant state of flux and working like it should.
>
> I mainly care to see held / quarantined messages and if something's
> wrong with the MSA queue.
>
>> I would have thought there was some mechanism already built in to the
>> milter, or postfix, to do that (optionally) but I've not stumbled on
>> one thus far.
>
> There is. The command is called "mailq". It's designed to print status
> to STDOUT and be consumed by a human. Many people have this output
> emailed to them or apply some sort of script logic to it.

Thanks. Workable.

> Note: This MTA administration is decidedly NOT the milter's job. The
> milter's job is to filter discrete messages and return a -1 / 0 / 1
> status to the MTA. The MTA is what's responsible for managing /its/ queue.

Ah. Well I did not mean to suggest the milter should "manage" the postfix queue
at all, but could alter any "directive" as to disposition. The log messages I noticed,
for "infected" mail (/var/log/mail) seem to suggest postfix was dealing with these in a
way "directed" by the milter.

Perhaps these are "distinctions without a difference" brought about by my own, limited
familiarity with the tech and terms.

> --
> Grant. . . .
> unix || die


Thanks again

joe a.




Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
On 2/24/21 9:56 AM, Joe Acquisto-j4 wrote:
> Thanks. Workable.

*nod*

> Ah. Well I did not mean to suggest the milter should "manage"
> the postfix queue at all, but could alter any "directive" as to
> disposition. The log messages I noticed, for "infected" mail
> (/var/log/mail) seem to suggest postfix was dealing with these in
> a way "directed" by the milter.

Yes, milters tell the MTA what they think should be done with the message:

- Known good - you should really accept this message
- Unknown - let something else decide
- Known bad - you should really reject this message
- hold / quarantine - let something else review messages later

But that's just what the milter thinks of the message. The MTA is
ultimately what decides what to do with the message, often influenced by
milters / RBLs / etc.

> Perhaps these are "distinctions without a difference" brought about by
> my own, limited familiarity with the tech and terms.

Think about it this way. The MTA is the bouncer at the entrance to a
club called "The Mail Server" -- I hear Sim City style cheering for
the Mayor's house. -- and the bouncer reads from a list to see who is
allowed in or not. The milter will assess something about the person(s)
requesting entry and scribble a note on the list the bouncer (the MTA)
reads in near real time. The MTA (the bouncer) does the enforcement.
The milter (management) updates the list.

> Thanks again

You're welcome.



--
Grant. . . .
unix || die
Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
On 2/24/21 9:47 AM, Joe Acquisto-j4 wrote:
> Back OT, my post was about dealing with items that have already
> been processed and are in the postfix HOLD queue, per the action of
> clamav-milter, waiting for disposition in some way.

Hypothetically, a milter, such as clamav-milter, could say:

```
This file looks suspicious, but none of my virus definition lists
confirm it. Hold on to this message for a while. Hopefully if it is a
bad message / file it's only a matter of time before the virus
definition lists are updated with the new signature.
```

Thus when someone / something processes the held / quarantined messages,
they will find this virus with the updated definition lists and be glad
that it was not sent onwards and delivered to an end user.

Aside: I use Sendmail's quarantine capability for messages to / from
specific domains. Currently lab domains and two customer domains that
forward which were receiving a spate of spam that made it through my
filters. So I manually review things to / from the lab or to the
customer and release clean messages.

With Sendmail, I unquarantine a message and it simply puts it back in
the mail queue for regular processing. Thus messages just spent longer
than normal on my mail server. -- I don't know how Postfix does
things, but I assume it's conceptually similar.



--
Grant. . . .
unix || die
Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
Hi there,

On Wed, 24 Feb 2021, Joe Acquisto-j4 wrote:

> ... limited familiarity ...

Of course. It all takes time and neurone cycles.

There's a simple-minded but reasonable view of the milter API at

https://howto.lintel.in/what-is-milter/

which has a useful diagram although it's inaccurate.

This goes into significantly more detail:

https://www.roaringpenguin.com/files/filtering-with-milter.pdf

but beware that it's old, and it's mostly about MIMEDefang, which I
used to use but found a trifle cumbersome so I eventually dropped it
(and wrote my own MIME handling). Also I don't think the original
owner of Roaring Penguin still works with mail so I don't know if
MIMEDefang is still supported and/or promoted.

There's a fairly extensive list of resources for which I can't
necessarily vouch at

http://milter.free.fr/intro/all.htm

and you'll find a rather impenetrable but highly detailed description
of the API in the 'docs' directory beneath the 'libmilter' directory
in the Sendmail source code, for example this fairly up-to-date copy:

https://fossies.org/linux/sendmail/libmilter/docs/overview.html

That is, I'm afraid, the definitive guide for the milter API at least
until I finish writing mine. :)

Since you've mostly been asking about things to do with clamav-milter,
this is more or less back on-topic again. :)

--

73,
Ged.

Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
>> This has probably drifted as far OT for this list as it should go.
>> Welcome to the delights of running your own mail server. I've been
>> doing it for over a quarter of a century, and I wouldn't have it any
>> other way, but it ain't all roses. Perhaps you could share with us
>> why you feel the need to do it?

On 24.02.21 11:47, Joe Acquisto-j4 wrote:
>In short, I do it because I want to.
>
>As to why I decided to add AV to my own system, that was mainly
>motivated by a spate of questionable emails seemingly of phish nature
>as they were unsolicited and had attachments appearing to be Word
>or Excel documents purporting to contain "vital information". While
>easy enough to dismiss, it became of interest to me how these might
>have slipped through my provider's AV and thought it a good excuse
>to engage in a bit of "fun" and brain exercise.

you can use amavisd-new, as milter (using amavisd-milter) or maybe postfix
content_filter (but that's post-queue which means you can't reject it
anymore and sending bounces is not safe)

amavisd supports its own quarantine and releasing from it.


--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton

Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
Quoting Matus UHLAR - fantomas <uhlar@fantomas.sk>:

> you can use amavisd-new, as milter (using amavisd-milter) or maybe postfix
> content_filter (but that's post-queue which means you can't reject it
> anymore and sending bounces is not safe)

Postfix has also a smtpd_proxy_filter, which does basically the same
as content_filter but then pre-queue and will allow rejecting obvious
spam, viruses or otherwise unacceptable content.

> amavisd supports its own quarantine and releasing from it.

And SpamAssassin, DKIM signing, blocking attachments on content-type
and much more.




Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
Perhaps you should look into MailScanner and MailWatch. Mailscanner (package
for Suse available) will handle the interaction with spamassassin and clamd
(as well as other A/V solutions) and MailWatch provides a nice GUI for
quarantine and archive. Once set they just work.

Rick

Joe Acquisto-j4 wrote:
>> On 2/24/21 6:26 AM, Joe Acquisto-j4 wrote:
>>> For now I will settle on a cron job script that peeks at the hold
>>> queue every so often and alerts someone (me) with an alert.
>>
>> *nod*nod*
>>
>> I have a daily cron job that runs a script which shows me:
>>
>> - Number of messages which are:
>> - Normally queued messages for the MTA
>> - Held (Postfix parlance) / Quarantined (Sendmail parlance)
>> messages for the MTA
>> - Normally queued messages for the MSA
>> - Output of mailq for:
>> - Held / Quarantined messages
>> - Normally queued messages for the MSA
>>
>> I don't show the output for the normally queued messages for the MTA
>> because that's a constant state of flux and working like it should.
>>
>> I mainly care to see held / quarantined messages and if something's
>> wrong with the MSA queue.
>>
>>> I would have thought there was some mechanism already built in to
>>> the milter, or postfix, to do that (optionally) but I've not
>>> stumbled on one thus far.
>>
>> There is. The command is called "mailq". It's designed to print
>> status
>> to STDOUT and be consumed by a human. Many people have this output
>> emailed to them or apply some sort of script logic to it.
>
> Thanks. Workable.
>
>> Note: This MTA administration is decidedly NOT the milter's job.
>> The milter's job is to filter discrete messages and return a -1 / 0
>> / 1
>> status to the MTA. The MTA is what's responsible for managing
>> /its/ queue.
>
> Ah. Well I did not mean to suggest the milter should "manage" the
> postfix queue
> at all, but could alter any "directive" as to disposition. The log
> messages I noticed, for "infected" mail (/var/log/mail) seem to
> suggest postfix was dealing with these in a way "directed" by the
> milter.
>
> Perhaps these are "distinctions without a difference" brought about by
> my own, limited familiarity with the tech and terms.
>
>> --
>> Grant. . . .
>> unix || die
>
>
> Thanks again
>
> joe a.
Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
> Perhaps you should look into MailScanner and MailWatch. Mailscanner (package
> for Suse available) will handle the interaction with spamassassin and clamd
> (as well as other A/V solutions) and MailWatch provides a nice GUI for
> quarantine and archive. Once set they just work.
>
> Rick
>

Thanks. Looks like quite a lot to attempt to absorb. But very interesting.

joe a.



Re: [clamav-users] Clamav-milter finds postive, goes to hold queue
Unsubscribe

On Thu, Feb 25, 2021 at 8:58 AM Joe Acquisto-j4 <joea@j4computers.com>
wrote:

>
> > Perhaps you should look into MailScanner and MailWatch. Mailscanner
> (package
> > for Suse available) will handle the interaction with spamassassin and
> clamd
> > (as well as other A/V solutions) and MailWatch provides a nice GUI for
> > quarantine and archive. Once set they just work.
> >
> > Rick
> >
>
> Thanks. Looks like quite a lot to attempt to absorb. But very
> interesting.
>
> joe a.


--

Chaitanya Parekh
Enjay - Bhilad