Discussion:
final_virus_destiny D_REJECT
Rob McKennon
2016-04-01 18:35:06 UTC
Hello,

We are setting up Amavis and ClamAV to detect credit cards coming into
our email, and it's working. However, it's returning the original email
to the sender, which also contains the credit card numbers. Receiving
the credit card numbers is bad enough; sending them back out again
violates PCI. Is there a way to reject the email without returning the
original email content? Below is a returned email with test numbers as
an example.


Thank you,

Rob McKennon


The mail system

<xxxxxxxxxx <mailto:***@payscience.com>>: host 127.0.0.1[127.0.0.1]
said: 554 5.7.0 Reject, id=06026-19 - INFECTED:
Heuristics.Structured.CreditCardNumber (in reply to end of DATA command)

Final-Recipient: rfc822;xxxxxxxxxxxxx<mailto:***@payscience.com>
Original-Recipient: xxxxxxxxxxxxxx <mailto:rfc822%***@payscience.com>
Action: failed
Status: 5.7.0
Remote-MTA: dns; 127.0.0.1
Diagnostic-Code: smtp; 554 5.7.0 Reject, id=06026-19 - INFECTED:
Heuristics.Structured.CreditCardNumber


---------- Forwarded message ----------
From: xxxxxxxxxxxxxxxxxxxx
To: xxxxxxxxxxxxxxxxxxxxxx
Cc:
Date: Fri, 1 Apr 2016 10:12:42 -0400
Subject: test cc
4111 1111 1111 1111 Exp: 04/17
4012 8888 8888 1881 Exp: 04/17
l***@mbchandler.net
2016-04-01 19:51:06 UTC
Post by Rob McKennon
Hello,
We are setting up Amavis and Clamav to detect credit cards coming into
our email, and it's working. However, it's returning the original
email to the sender, which also contains the credit card numbers.
Receiving the credit card numbers is bad enough, sending them back out
again violates PCI. Is there a way to reject the email without
returning the original email content? Below is a returned email with
test numbers as an example.
Thank you,
Rob McKennon
The mail system
<xxxxxxxxxx>: host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject,
id=06026-19 - INFECTED: Heuristics.Structured.CreditCardNumber (in
reply to end of DATA command)
Final-Recipient: rfc822;xxxxxxxxxxxxx
Original-Recipient: xxxxxxxxxxxxxx
Action: failed
Status: 5.7.0
Remote-MTA: dns; 127.0.0.1
Heuristics.Structured.CreditCardNumber

I removed your test numbers since anyone with DLP turned on might not
get the email.



I'm using the following which just discards the message:
$final_virus_destiny = D_DISCARD;

But it would be nice to be able to strip out the CC or SSN numbers and
send the message on to the recipient.
Rob McKennon
2016-04-01 20:14:19 UTC
Post by l***@mbchandler.net
Post by Rob McKennon
Hello,
We are setting up Amavis and Clamav to detect credit cards coming into
our email, and it's working. However, it's returning the original
email to the sender, which also contains the credit card numbers.
Receiving the credit card numbers is bad enough, sending them back out
again violates PCI. Is there a way to reject the email without
returning the original email content? Below is a returned email with
test numbers as an example.
Thank you,
Rob McKennon
The mail system
<xxxxxxxxxx>: host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject,
id=06026-19 - INFECTED: Heuristics.Structured.CreditCardNumber (in
reply to end of DATA command)
Final-Recipient: rfc822;xxxxxxxxxxxxx
Original-Recipient: xxxxxxxxxxxxxx
Action: failed
Status: 5.7.0
Remote-MTA: dns; 127.0.0.1
Heuristics.Structured.CreditCardNumber
I removed your test numbers since anyone with DLP turned on might not
get the email.
$final_virus_destiny = D_DISCARD;
But it would be nice to be able to strip out the CC or SSN numbers and
send the message on to the recipient.

Good catch with the DLP, I didn't think about that! But D_DISCARD I
don't think is an option. We need the originator of the message to
understand that we rejected the mail because it contained credit card
numbers.

Rob.
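
An added illustration of the goal discussed in this thread (it is not from any poster and is not amavisd-new configuration): a Python sketch that builds a sender notification carrying the rejection reason and redacted headers only, never the original body. The function names, the example.com addresses and the sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact_pans(text: str) -> str:
    """Replace Luhn-valid candidates; leave other digit runs untouched."""
    def repl(m):
        digits = re.sub(r"\D", "", m.group())
        return "[REDACTED PAN]" if luhn_ok(digits) else m.group()
    return PAN_RE.sub(repl, text)

def build_notice(original: str, reason: str, postmaster: str) -> EmailMessage:
    """Tell the sender why the mail was refused without echoing its body."""
    orig = message_from_string(original)
    notice = EmailMessage()
    notice["From"] = postmaster
    notice["To"] = orig.get("From", "")
    notice["Subject"] = "Message rejected: " + redact_pans(orig.get("Subject", ""))
    kept = "\n".join(f"{h}: {redact_pans(orig.get(h, ''))}"
                     for h in ("From", "To", "Date", "Subject"))
    notice.set_content(f"Your message was not delivered.\nReason: {reason}\n\n"
                       f"Headers of the rejected message:\n{kept}\n")
    return notice

# Constructed sample message using the well-known test numbers from the thread.
SAMPLE = ("From: customer@example.com\n"
          "To: orders@example.com\n"
          "Date: Fri, 1 Apr 2016 10:12:42 -0400\n"
          "Subject: test cc 4111 1111 1111 1111\n"
          "\n"
          "4111 1111 1111 1111 Exp: 04/17\n"
          "4012 8888 8888 1881 Exp: 04/17\n")

if __name__ == "__main__":
    print(build_notice(SAMPLE, "Heuristics.Structured.CreditCardNumber",
                       "postmaster@example.com"))
```
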
