1 (edited by smiller50 2018-11-03 10:58:26)

Topic: Bounce ClamAV-intercepted emails back to the originator

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Debian Stretch
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro?  No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

When ClamAV catches a virus in an outbound email message it properly intercepts the message and quarantines the file, and sends a warning message from postmaster@<mydomain> to root@<mydomain>. This is all great, but I would prefer to send the warning message back to the originator of the message rather than the user 'root' (otherwise, with no bounce the user has no way of knowing that the message was intercepted and will never arrive at the destination.)

I found the template for the warning message in /usr/sbin/amavisd-new but I've been unable to figure out how to change the recipient from 'root' to the actual originator of the message. Can anyone help?

TIA for any tips.


2

Re: Bounce ClamAV-intercepted emails back to the originator

In old amavisd releases, there was an option "warnvirussender" for this purpose, but it was retired in recent amavisd releases.

3 (edited by smiller50 2018-11-04 04:14:46)

Re: Bounce ClamAV-intercepted emails back to the originator

I researched 'warnvirussender' (thanks for the lead) and the reason why it was removed is below. On one hand I can understand why this was done, but on the other they seem to be ignoring the obvious potential for a user to inadvertently attach an infected file to an email (vs. the email necessarily originating from a spammer, as they seem to assume all cases will be.) In the case of an innocent user attaching a virus, it seems a questionable practice to simply send the message to the bitbucket with no notification whatsoever to the sender. Not only is that undesirable for the obvious reasons but it also leaves the sender unaware that he attached a virus in the first place, leading to potential further spread.

https://sourceforge.net/p/amavis/mailma … /26477229/

4

Re: Bounce ClamAV-intercepted emails back to the originator

Unfortunately, if upstream (Amavisd) removed the code to support this feature, we cannot help much in this case.