1 Topic by RajeshM (edited by RajeshM 2019-10-06 21:09:39)

  • RajeshM
  • Member
  • Offline
  • Registered: 2019-09-06
  • Posts: 136

Topic: antivirus scanning

hello

can we carry out only antivirus scan (not spamassassin scan) at the smtp level itself ?

for example if my customer's email id and password is compromised and the email id is used to send out virus mails, can the same be stopped at smtp level, instead of accepting the email first and then scanning the emails ?

or when someone sends malware emails  to my customer and the server rejects the mail at smtp level


thanks,
rajesh

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,091

Re: antivirus scanning

- With default iRedMail settings, email contains virus will be discarded or quarantined.
- You can configure Amavisd policy to discard or quarantine spam too by updating SQL table "amavisd.policy", the global policy is defined by SQL record with "policy_name='@.'".

3 Reply by RajeshM

  • RajeshM
  • Member
  • Offline
  • Registered: 2019-09-06
  • Posts: 136

Re: antivirus scanning

Hi,
Thanks for the help

However my question was whether such mails can be stopped at smtp level itself

Thanks

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,091

Re: antivirus scanning

At SMTP level? The question is, how does your system know it's a spam/virus at SMTP level?
spam/virus scanning happens at after-queue level, but smtp level is before-queue.

5 Reply by RajeshM

  • RajeshM
  • Member
  • Offline
  • Registered: 2019-09-06
  • Posts: 136

Re: antivirus scanning

We are currently using qmail toaster with spamdyke and simscan (invokes clam and spamassassin)

Simscan is called at smtp level and rejects emails that are virus or have a high spam score.

if it is possible to block atleast virus at smtp level it would helpful. The reason is that once  spammers sees that we are accepting mails with virus (even though we are discarding/quarantining) they will keep sending in increasing numbers.

If the above is not feasible, is there any alternative solution ?

Thanks

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,091

Re: antivirus scanning

SpamAssassin and ClamAV are configured to be ran in after-queue stage, we have no plan to change it to before-queue stage, sorry.