On Thu, Apr 15, 2004 at 10:07:34AM +1000, Peter Williams wrote:
>
> With the amount of viruses floating around I was wanting to configure
> Anomy to either drop the whole email or send it to a Junk email
> address. Only in the event of the email containing an infected
> attachment.

Hi Peter,

I was in exactly your situation. Here's how I managed to route
infected e-mail to a dedicated mailbox:
- in anomy.conf, associate the "file-is-infected" exit codes of the
antivirus to a policy ending in "!" (e.g. "defang!"). This will cause
Anomy to exit with a non-zero status after processing the message.
- Then, in the external program calling Anomy, check the exit status,
and if it's nonzero then
(quarantine|discard|do_whatever_you_like_with) the message.

Note that AFAIK Anomy could exit with a non-zero status on at least
one other occasion, namely if the message fails many sanity checks
(there's a configurable threshold for that).

IMHO it would be nice to be able to associate exit codes with policies, in
order to differentiate such cases. For example, "defang|100" would
defang the message and set Anomy's exit code to 100.
A step further would be to have a mechanism to propagate the scanner's
exit code to Anomy's. For example, "defang|100+" would set Anomy's exit
code to (100 + the scanner's exit code).
Cheers
David
--
David Santinoli, Milano + <122678@xyz.molar.is>
Independent Linux/Unix consultant + http://www.santinoli.com
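
The two steps described in the message above, written as a wrapper function that routes on the sanitizer's exit status. This is an added example, not code from the original post or from the Anomy project; the `sanitizer.pl` command line, the directory names and the `route_message` function are assumptions.

```shell
#!/bin/sh
# Added example: route a message on the sanitizer's exit status.
# Assumption: $SANITIZER reads the message on stdin, writes the processed
# message on stdout, and exits non-zero when a "!" policy fired.
SANITIZER=${SANITIZER:-"sanitizer.pl /etc/anomy.conf"}   # hypothetical path
DELIVER_DIR=${DELIVER_DIR:-./inbox}                      # hypothetical
QUARANTINE_DIR=${QUARANTINE_DIR:-./quarantine}           # hypothetical
umask 077   # quarantined mail should not be world-readable

# Reads one message on stdin, prints where the processed copy was stored.
# Returns 75 (EX_TEMPFAIL) when the scan itself could not be carried out,
# so the caller can retry instead of delivering unscanned mail.
route_message() {
    mkdir -p "$DELIVER_DIR" "$QUARANTINE_DIR" || return 75
    out=$(mktemp "${TMPDIR:-/tmp}/scan.XXXXXX") || return 75
    status=0
    $SANITIZER > "$out" || status=$?
    case $status in
        0)       dest=$DELIVER_DIR/$(basename "$out") ;;
        126|127) rm -f "$out"; return 75 ;;   # sanitizer missing or not executable
        # Any other non-zero status: infected attachment, or the sanity-check
        # threshold mentioned above. Keep the status in the name for triage.
        *)       dest=$QUARANTINE_DIR/$(basename "$out").exit$status ;;
    esac
    mv "$out" "$dest" || { rm -f "$out"; return 75; }
    printf '%s\n' "$dest"
}
```

Call it as `route_message < message.eml`; because the exit status alone cannot tell an infected attachment from a sanity-check failure, the quarantined file name carries the status for later review.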