[Avcheck] inclusion / exclusion of envelope recipients
Michael Tokarev
mjt@tls.msk.ru
Wed, 09 Jan 2002 14:30:25 +0300
Luke Dudney wrote:
>
> I have not played with avcheck a great deal beyond testing and customizing
> the infected script.
> I am wondering if there is an easy way to give avcheck a list of recipient
> email addresses to scan and to simply pass all other addresses without
> scanning.
I don't know if this is acceptable from *policy* point of view (technically
this isn't a problem at all). The solution was once proposed on this list,
here is is again, very simple.
Allow avcheck to scan *all* mails. It's *technically* ok to do this,
especially if most of your users will "subscribe" to this virusscanning
service. Next, in infected handler (it will be called very infrequently),
log a line to syslog, check sender/recipients, and send original mail to
non-subscribers and/or virus notifications to subscribers. Handle
non-subscribers first and ignore errors sending notifications to subscribers,
so that non-subscribers will not receive several copies in case of some
failure. That's all. This way, you will have logs "for free" -- to be
able to convince non-subscribers to subscribe to this service for example...
You can choose to check all outgoing (locally-originated) mails -- "we
don't want to send your viruses to other parties, even if you don't
subscribed to this service".
But as I said, I don't know if this will be acceptable from the "political"
point of view.
Regards,
Michael.