Per-destination virus type maps?

Hi list,

I'd like to use amavisd-new (2.4.1) to selectively pass
viruses by name
through to selected mailboxes, without defining them as
virus_lovers.  I
can think of a couple of approaches:

1. Set up a policy bank that overrides av_scanners, including:

['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n",
"/var/run/clamav/clamd"],
   qr/(\bOK|\.Phishing\.\S+ FOUND)$/,
qr/(?!\.Phishing\.)(.*) FOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

2. Set up quarantine to be delivered to some SMTP
destination
via virus_quarantine_to_maps instead of "local:"
and have forwarding rules
at the quarantine destination handle it. This would probably
be more work to
integrate with our existing stuff (quarantine expiry
scripts, etc.)

virus_quarantine_to_maps = (   # per-recip multiple
quarantines
  #delivery to 'infected' invokes rules to check what it
should forward
  new_RE( [qr'^userexample\.com$'i =>
"infected\$mydomain"], 
  $virus_quarantine_to,  # the usual default
);

3. Just run a cron job that releases the messages I want
from quarantine.
This is what I have now.

At a guess, option 1 would be the least disruptive to the
rest of our
environment, option 2 would be the easiest to extend with
more users and
virus name patterns, and option 3 the simplest to implement,
though
lacking some timeliness of delivery.

Am I right in thinking that to use option 1 with Postfix,
I'd need proper
multi-instance and feed mail to amavisd via transport maps
rather than
content_filter to correctly handle multi-recipient mail? And
would that
break XFORWARD (TFM suggests it won't)?

TIA
rob



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web
services, security?
Get stuff done quickly with pre-integrated technology to
make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on
Apache Geronimo
http://sel.as-us.falkag.net/
sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/

On Tue, May 23, 2006 at 02:07:46PM +1000, Rob Chanter wrote:
> 
> I'd like to use amavisd-new (2.4.1) to selectively
pass viruses by name
> through to selected mailboxes, without defining them as
virus_lovers. 

I notice that I don't actually have a question in there.
Has anyone done
something similar, or could anyone recommend an approach for
what I am trying to
do?

Even better, is this a reasonable feature request for the
next version? I'm not
really comfortable with ClamAV's proposal to special-case
phishing, and I think
this sort of policy application really belongs in the
content-filter layer.

cheers
rob



-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the
Cost and Risk!
Fully trained technicians. The highest number of Red Hat
certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/
sel?cmd=lnk&kid=107521&bid=248729&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/