I've had some comments in my Exim config for a while now with the intent of
one day being able to detect if a malware scan was successful or not, and
since I got to updating the configs now, I figured I'd see if I could do
anything about it.
This is the ACL code I have for virus scanning:
acl_check_scan:
accept authenticated = *
accept condition = ${if > {$message_size}{2M} {yes}{no}}
deny message = Message contains malicious code:
$malware_name
malware = true/defer_ok
logwrite = Message contains malicious code:
$malware_name
warn message = X-Virus-Scan: YES
# !malware = true/defer_ok
accept
The commented out line was my little hint that I should do something, and
this is what I'd like to be able to do (It might be possible right now, but
I don't know how to do it)...
I would like to be able to tell users via the X-Virus-Scan: header whether a
message was indeed scanned or not - in the event of the virus scanner
failing but defer_ok still allowing the message in. From what I can tell,
this would probably only be possible if there was something like a
"deferred" variable which would allow something like this:
warn message = X-Virus-Scan: ${if eq {$deferred}{0}
{YES}{NO}}
!malware = true/defer_ok
This would of course be useful in any other case where there's a "defer_ok"
modifier available so that people can detect the deferring.
... Or is there another way that currently exists?
Eli.
