Catching Viruses

Use the following three "virus" filters to modify how PureMessage handles virus-laden messages.

Note: The optional "PureMessage-Policy-Virus" package is required when using any of the following virus filters.

Example 1: Quarantine all external messages containing virus variants.

Use the "virus 1" filter to quarantine all external messages containing virus variants. The "virus 1" filter is a modification to the default policy filter found in Policy Script 2: Scan External Mail for Viruses. Unlike the default filter, the "virus 1" filter quarantines all messages containing virus variants. No attempt is made to clean infected messages. See the pmx_virus command in the pmx-policy manpage.

# attr NAME=virus 1
# Quarantines all infected messages.
if pmx_virus {
    pmx_quarantine "Virus";
}

Description:

Where does this filter go?

The "virus 1" filter replaces the Policy Script 2: Scan External Mail for Viruses filter. Replacing this default policy filter with the "virus 1" filter ensures that:

Example 2: Attempt to clean all internal messages containing virus variants.

Use the "virus 2" filter to clean all internal messages containing virus variants. The "virus 2" filter is a modification to the default policy filter found in Policy Script 1: Scan and Deliver Internal Messages. Unlike the default filter, the "virus 2" filter attempts to clean virus variants from all messages sent through internal hosts. The default policy rejects all internal mail containing viruses.

# attr NAME=virus 2
# Attempts to clean infected internal messages and marks the Subject header.
if pmx_virus {
    pmx_file "Virus";
    pmx_virus_clean "cantclean.tmpl";
    pmx_replace_header "Subject" "[PMX:VIRUS] %%SUBJECT%%";
    stop;
}

Description:

This filter attempts to clean the virus-laden message. If the message is successfully cleaned, it is sent to its original recipients. If the virus is not successfully cleaned, the infected part is replaced with the error template cantclean.tmpl. The "Subject" header is marked with "[PMX:VIRUS]" to inform recipients that PureMessage found a virus.

Where does this filter go?

The "virus 2" filter replaces the Policy Script 1: Scan and Deliver Internal Messages filter. Replacing this default policy filter with the "virus 2" filter ensures that:

Example 3: Discard external messages containing specific viruses.

Use the "virus 3" filter to evaluate mail sent through external hosts and to discard messages containing either the "Klez" or "Sobig" variants. The "virus 3" filter is a modification to the default policy filter found in Policy Script 2: Scan External Mail for Viruses. Unlike the default filter, the custom "virus 3" filter searches for specific viruses using the pmx_virus_id command.

# attr NAME=virus 3
# Discards messages infected with Klez or Sobig variants.
# Attempts to clean messages infected with other variants.
if pmx_virus {
    if pmx_virus_id :matches ["*Klez*", "*Sobig*"] {
        discard;
        stop;
    }
    pmx_file "Virus";
    pmx_virus_clean "cantclean.tmpl";
    pmx_replace_header "Subject" "[PMX:VIRUS] %%SUBJECT%%";
}
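
The following Python sketch is an added example, not part of PureMessage or of the original page. It dry-runs the decision order of the "virus 3" filter so that pattern changes can be checked before the policy is edited. It assumes that :matches uses standard Sieve glob rules ("*" and "?") with case-insensitive comparison, and that a single matching virus ID is enough to discard a message; confirm both against the pmx-policy manpage. The cleanable flag and the sample virus IDs are constructed for illustration.

```python
import re

# Patterns copied from the "virus 3" filter on this page.
DISCARD_PATTERNS = ["*Klez*", "*Sobig*"]

def sieve_glob(pattern):
    """Compile a :matches-style glob: '*' is any run, '?' is one character."""
    body = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    # Assumption: comparison is case-insensitive, as in standard Sieve.
    return re.compile(body, re.IGNORECASE | re.DOTALL)

def virus3_actions(virus_ids, cleanable=True, subject=""):
    """Return the ordered actions "virus 3" takes for one message.

    virus_ids: virus names the scanner reported (empty list = clean message).
    cleanable: hypothetical flag standing in for the outcome of pmx_virus_clean.
    """
    if not virus_ids:
        return []  # pmx_virus is false, so the filter body never runs
    globs = [sieve_glob(p) for p in DISCARD_PATTERNS]
    # Assumption: one matching ID is enough, even in a mixed infection.
    if any(g.fullmatch(v) for g in globs for v in virus_ids):
        return ["discard", "stop"]
    outcome = "cleaned" if cleanable else "infected part replaced by cantclean.tmpl"
    return ['pmx_file "Virus"', outcome, "Subject: [PMX:VIRUS] " + subject]

if __name__ == "__main__":
    # Constructed sample detections, not real scanner output.
    samples = [
        ([], True, "Lunch"),
        (["W32/Klez-H"], True, "Hi"),
        (["W32/Netsky-P", "w32/sobig-f"], True, "Re: details"),
        (["W32/Netsky-P"], False, "Invoice"),
    ]
    for ids, cleanable, subject in samples:
        print(ids, "->", virus3_actions(ids, cleanable, subject))
```

Because the discard test runs first and ends with stop, a message carrying both a listed and an unlisted variant is never filed or cleaned.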

Description:

Where does this filter go?

The "virus 3" filter replaces the Policy Script 2: Scan External Mail for Viruses filter. Replacing this default policy filter with the custom "virus 3" filter ensures that:

Related concepts
Policy Script 1: Scan and Deliver Internal Messages
Policy Script 2: Scan External Mail for Viruses
Related information
pmx-policy