Use the following three "virus" filters to modify how PureMessage handles virus-laden messages.
Use the "virus 1" filter to quarantine all external messages containing virus variants. The "virus 1" filter is a modification to the default policy filter found in Policy Script 2: Scan External Mail for Viruses. Unlike the default filter, the "virus 1" filter quarantines all messages containing virus variants. No attempt is made to clean infected messages. See the pmx_virus command in the pmx-policy manpage.
# attr NAME=virus 1 # Quarantines all infected messages. if pmx_virus { pmx_quarantine "Virus"; }
The "virus 1" filter replaces the Policy Script 2: Scan External Mail for Viruses filter. Replacing this default policy filter with the "virus 1" filter ensures that:
Use the "virus 2" filter to clean all internal messages containing virus variants. The "virus 2" filter is a modification to the default policy filter found in Policy Script 1: Scan and Deliver Internal Messages. Unlike the default filter, the "virus 2" filter attempts to clean virus variants from all messages sent through internal hosts. The default policy rejects all internal mail containing viruses.
# attr NAME=virus 2 # if pmx_virus { pmx_file "Virus"; pmx_virus_clean "cantclean.tmpl"; pmx_replace_header "Subject" "[PMX:VIRUS] %%SUBJECT%%"; stop; }
This filter attempts to clean the virus-laden message. If the message is successfully cleaned, it is sent to its original recipients. If the virus is not successfully cleaned, the infected part is replaced with the error template cantclean.tmpl. The "Subject" is marked with " [PMX:VIRUS] " to inform recipients that PureMessage found a virus.
The "virus 2" filter replaces the Policy Script 1: Scan and Deliver Internal Messages filter. Replacing this default policy filter with the "virus 2" filter ensures that:
Use the "virus 3" filter to evaluate mail sent through external hosts and to discard messages containing either the "Klez" or "Sobig" variants. The "virus 3" filter is a modification to the default policy filter found in Policy Script 2: Scan External Mail for Viruses. Unlike the default filter, the custom "virus 3" filter searches for specific viruses using the pmx_virus_id command.
# attr NAME=virus 3 # Discards messages infected with Klez or Sobig variants. # Attempts to clean messages infected with other variants. if pmx_virus { if pmx_virus_id :matches ["*Klez*", "*Sobig*"] { discard; stop; } pmx_file "Virus"; pmx_virus_clean "cantclean.tmpl"; pmx_replace_header "Subject" "[PMX:VIRUS] %%SUBJECT%%"; }
The "virus 3" filter replaces the "Policy Script 2: Scan External Mail for Viruses filter". Replacing this default policy filter with the custom "virus 3" filter ensures that: