[AMaViS-user] Add virus tag to Subject

[pbr pbr]

Is there any way to add a [virus] tag to the subject line of defanged mail?

Right now I'm doing that with procmail and it seems like an extra step.

I've found a few posts about this in 2004 that indicated a patch that I don't think would work now and that the tag might be included in future versions.

Thanks.

-pbr

---------------------------------
Building a website is a piece of cake.
Yahoo! Small Business gives you all the tools to get online.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaVi...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[pbr pbr]

Mark Martinec <Mark.Marti...@ijs.si> wrote:
$subject_tag_maps_by_ccat{+CC_VIRUS} = [ '***INFECTED*** ' ];

Thanks. Just what I wanted. Can't believe how long I searched before you answered.

-pbr

---------------------------------
Check out the hottest 2008 models today at Yahoo! Autos.

[pbr pbr]

Mark Martinec <Mark.Marti...@ijs.si> wrote: Name: amavisd-new Group: System Environment/Daemons Version: 2.3.3 Release: 2 Installed: 12/25/2006 11:49:18 Summary: Mail virus-scanner AMaViS is a program that interfaces a mail transfer agent (MTA) with one or more virus scanners. Amavisd-new is a branch created by Mark Martinec that adds serveral performance and robustness features. It\'s partly based on work being done on the official amavisd branch. Please see the README.amavisd-new-RELNOTES file for a detailed description. ', ol_width=400);" onmouseout="return nd();">

> $subject_tag_maps_by_ccat{+CC_VIRUS} = [ '***INFECTED*** ' ];

I added the above line to the amavisd.conf file and restarted amavisd. Didn't change the Subject line. I'm using amavisd v.2.3.3-2

The mail is getting scanned and has the header:
X-Amavis-Alert: INFECTED, message contains virus: Eicar-Test-Signature

---------------------------------
Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.

[Mark Martinec]

pbr,

> > $subject_tag_maps_by_ccat{+CC_VIRUS} = [ '***INFECTED*** ' ];
>
> I added the above line to the amavisd.conf file and restarted amavisd.
> Didn't change the Subject line. I'm using amavisd v.2.3.3-2

Switch to 2.5.2.

amavisd-new-2.4.3 release notes
- added a by-contents-category setting %subject_tag_maps_by_ccat, unifying
former separate settings @spam_subject_tag_maps, @spam_subject_tag2_maps,
@spam_subject_tag3_maps and $undecipherable_subject_tag, and making it
possible to specify subject tags (strings to be inserted into Subject:)
for other categories, such as viruses, banned, and bad headers. Note that
now only one such tag is inserted - previously if passed mail was both
spam and undecodable two tags were inserted;

Mark

[prab...@gmail.com]

This will do the trick. Amavisd On CentOS 7:

nano /etc/amavisd/amavisd.conf

%subject_tag_maps_by_ccat = (
CC_VIRUS, [ '***INFECTED*** ' ],
CC_BANNED, undef,
CC_UNCHECKED, sub { [ c('undecipherable_subject_tag') ] },
CC_SPAM, undef,
CC_SPAMMY.',1', sub { ca('spam_subject_tag3_maps') },
CC_SPAMMY, sub { ca('spam_subject_tag2_maps') },
CC_CLEAN.',1', sub { ca('spam_subject_tag_maps') },
);

$subject_tag_maps_by_ccat{+CC_VIRUS} = [ '[*VIRUS-INFECTED*] ' ];


Restart amavisd & postfix service

service amavisd restart


If you send this email as message body. Amavisd Should Modify Subject [INFECTED]

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

If you send this email as message body. Amavisd Should Modify Subject [SPAM]

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Prabhpal S. Mavi