Malware in attachments

8 views
Skip to first unread message

Natalka Onyshchenko

unread,
Feb 3, 2022, 3:22:32 AMFeb 3
to Alaveteli Dev
Hello!

How do you guys deal with malware in responses?

Once in a while we get a complaint from the datacenter about malware in our Alaveteli instance (with a threat to shut us down). We already have Linux Malware Detect and ClamAV installed and I think that "RESTRICT_NEW_RESPONSES" setting is helpful too but it still keeps happening.
Now I'm thinking about trying to restrict some extensions or content types in Exim settings.

What is your experience, do you have any measures in place?

Graeme Porteous

unread,
Feb 4, 2022, 6:02:10 AMFeb 4
to alavet...@googlegroups.com
Hi Natalka,

At mySociety we use SpamAssassin and ClamAV to reject obvious spam and malware messages before they are accepted by our servers and ingested into Alaveteli. You'll need to make sure these are configured correctly and definitions are regularly updated to ensure these tools stay effective.

For any questionable message which get through to the Alaveteli's we host there are a number of configuration options we have to help limit and manage these.

One of which is the `RESTRICT_NEW_RESPONSES_ON_OLD_REQUESTS_AFTER_MONTHS` option so only email addresses matching the domain name of the authority can reply.

There is also the three `INCOMING_EMAIL_SPAM_*` options which we have configured in conjunction with SpamAssassin to inject a header into the incoming messages with a numeric spam score. So these messages can be directed to the holding pen for manual review by an admin before being published on the site.

There is some helpful advice on this at https://alaveteli.org/docs/running/handling_spam/

Also in the Alaveteli admin you can go to `/admin/spam_addresses` which allows you to manually specify email addresses to prevent some messages from entering the holding pen.

Hope this helps,

--
Graeme Porteous
gra...@mysociety.org


--
You received this message because you are subscribed to the Google Groups "Alaveteli Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to alaveteli-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/alaveteli-dev/a22ae530-a3bd-4515-bd64-920ddfb4b8e5n%40googlegroups.com.

Natalka Onyshchenko

unread,
Feb 4, 2022, 7:28:35 AMFeb 4
to Alaveteli Dev
Thanks!

You received this message because you are subscribed to a topic in the Google Groups "Alaveteli Dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/alaveteli-dev/773WqhPcZ5M/unsubscribe.
To unsubscribe from this group and all its topics, send an email to alaveteli-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/alaveteli-dev/CAD%3D4Ayhr0t%2BH6_91dOVJr_KjWV8oJ4OxZWpukKFkZ7G8SVzdQw%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages