Re: [Fwd: [exim] deferring when clamd/spamd is down]

Author: Ian Eiloart
Date:  
To: Exim-users
Subject: Re: [Fwd: [exim] deferring when clamd/spamd is down]


--On February 22, 2005 17:47:11 +0100 exim-users@??? wrote:

> Hello fellow exim users,
>
> I'm using clamav and sa via exiscan and I thought everything was fine
> until lately. After upgrading sa, I forgot to restart it. And when I
> tested my exim installation, I realized that when either spamd or clamd
> is down, mails can enter my system without being content scanned for spam
> or malware.
>
> If I put the "spam" or "malware" condition in a deny statement, the mail
> gets deferred as expected, if spamd or clamd is down. But if I have these
> conditions in a warn statement, the warn statement gets ignored and
> processing goes on to the next statement. Eventually, the mail enters my
> system, which is not good.


Why would you be accepting malware at all? Put it back in the deny
statement where it belongs.

I use defer=ok on my clamav scanning, but I make sure that the daemon stays
up by using MacOSX watchdog to launch it - it gets relaunched immediately
if it falls over.

> To avoid this and have the mails deferred as long as one of the demons is
> down, I implemented the kind of tri-state logic that was given before on
> the list for sender verification (ok/bad/unknown). Since this is not the
> most beautiful solution in my eyes, I wonder whether there is another way
> to achieve the same goal. How do others on the list tackle this situation?
>
>
> Thanks for your feedback,
> Patrick
>




--
Ian Eiloart
Servers Team
Sussex University ITS
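
The warn/deny behaviour discussed in this thread, written out as an Exim DATA ACL fragment. This is an added example, not configuration posted by either participant; it assumes the statements sit in the ACL named by acl_smtp_data, and the score threshold, header names and reject texts are constructed.

```exim
# Fragment of the ACL referenced by acl_smtp_data (added example).

# Fail-open by accident: in a "warn" statement a condition that defers
# (clamd unreachable) makes Exim skip the statement and carry on with the
# next one, so the message can be accepted unscanned.
# warn  malware    = *
#       add_header = X-Virus-Found: $malware_name

# Fail-closed: in a "deny" statement the same defer turns into a temporary
# (4xx) response, so the sending host retries once clamd is back.
deny  message = This message contains malware ($malware_name)
      malware = *

# Deliberate fail-open: /defer_ok treats a scanner failure as "no match".
# Only sensible when the daemon is supervised and restarted automatically.
# deny  message = This message contains malware ($malware_name)
#       malware = */defer_ok

# Spam: run the scan inside a "deny" first. ":true" makes the spam condition
# succeed whenever spamd answers, and the score test decides the rejection
# (assumed threshold: 10.0 points, i.e. $spam_score_int > 100).
# If spamd is down, the spam condition defers and so does the message.
deny  message   = This message scored $spam_score spam points
      spam      = nobody:true
      condition = ${if >{$spam_score_int}{100}{1}{0}}

# Tagging can stay in "warn": it is only reached after the deny above got
# an answer from spamd, and the scan result is reused rather than repeated.
warn  spam       = nobody:true
      add_header = X-Spam-Score: $spam_score ($spam_bar)
```

Ordering matters here: the tagging warn is safe only because a deny using the same scanner precedes it and has already turned any scanner outage into a deferral.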