Enabling Quarantine

Discussion in 'Installation/Configuration' started by abianci, Feb 13, 2006.

  1. abianci

    abianci New Member

    Hi folks,

    I'm trying to enable the quarantine for Spamassassin/Clamav/TrashScan to store suspicious files instead of defanging or sending just the suspicious attachment notice.

    I'd like to remove the suspicious files from the emails, and store them in some directory so I can recover the ones I want.

    I have absolutely no clue about how to do it. I have a Fedora Core 3 with the latest ISPConfig version.

    Any ideas?
    Last edited: Feb 13, 2006
  2. falko

    falko Super Moderator Howtoforge Staff

    If you use Maildir you can use maildirmake to create a virus folder for each user: http://www.howtoforge.com/forums/showthread.php?t=1147

    You can then change /root/ispconfig/isp/conf/antivirus.rc.master as follows:

    # procmail configuration for TrashScan: ZapCoded by Trashware; 13.10.2002
    # [ ... ]
    # ------------------------------------------------------------------------------------- #
    # Virus scan section ...                                                                #
    # ------------------------------------------------------------------------------------- #
    # 1. Run TrashScan
    * multipart
    * !^X-Virus-Scan:
    | /home/admispconfig/ispconfig/tools/clamav/bin/trashscan
    # 2. Filter tagged virus mails
    * ^X-Virus-Scan: Suspicious
  3. Cirox

    Cirox New Member


    i think for Maildir with courier there had to be a slash after the last folder ?

    thats right ?

    But thinking about it, mails were tagged a suspicious but will be delivered to this folder. Theres now way to send the suspicios message to this folder and to store the virus in quarantine ?

    greetings cirox
  4. falko

    falko Super Moderator Howtoforge Staff

    I don't know if this makes a difference. :confused:

    Maybe there's some kind of procmail recipe that can split the attachment from the mail and store it in a quarantine folder, but I'm not sure...

Share This Page