Warning email for removed attachments

Questions and answers about how to do stuff
Post Reply
colin
Posts: 99
Joined: 13 Feb 2014 16:09

Warning email for removed attachments

Post by colin »

When EFA scans a zip file and finds that it contains an exe file, it sends an email to the recipient something like:
{Filename?} Lloyds TSB transaction notification #0282-497

I DO want it to find and block emails with zip files containing unacceptable attachments but I DON'T want it notifying the recipient that it has done so. Is there a way of achieving this?
colin
Posts: 99
Joined: 13 Feb 2014 16:09

Re: Warning email for removed attachments

Post by colin »

I think I understand this more now

This is what was in our config file:
# The maximum depth to which zip archives, rar archives and Microsoft Office documents will be unpacked, to allow for checking filenames and filetypes within zip and rar archives and embedded within Office documents.
#
# Note: This setting does *not* affect virus scanning in archives at all.
#
# To disable this feature set this to 0.
# A common useful setting is this option = 0, and Allow Password-Protected Archives = no. That block password-protected archives but does not do any filename/filetype checks on the files within the archive.
# This can also be the filename of a ruleset.
Maximum Archive Depth = 8

My interpretation of this is:

When the value is non-zero, any archive is opened and if it contains a file that is not allowed (eg .exe) then it strips it out and sends an email to the recipient saying what it has done. It does not bother to virus scan it because it has thrown it away.

When the value is zero, it does not strip out any zip file contents (eg .exe) but in this case it does scan them for viruses. If a virus is detected then it blocks the email but does not notify the recipient.

Am I correct?
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Warning email for removed attachments

Post by shawniverson »

That seems accurate, although I have not tested it.

You can also modify the report sent. Look in /etc/MailScanner/reports/en for the reports.
Post Reply