Re: [exim] malware and defer_ok

Página Principal
Esta mensagem é parte da seguinte discussão:
M\a lista completa das discussões ordenadas por data
MM\Paul Dekkers em <-
MMMMagnus Holmgren em ->
Apagar esta mensagem
Responder a esta mensagem
Autor: Bill Hacker
Data:  
Para: exim
Assunto: Re: [exim] malware and defer_ok
Paul Dekkers wrote:

> Hi,
>
> Riemer Palstra wrote:
>
>
>>>2) If I put malware = */defer_ok in my check data ACL, will that
>>>accept the mail and relay it out to the world, or will it accept and
>>>queue until clam is back up. The latter would be better, but I'm not
>>>sure if it is possible.
>>
>>The first. Consider putting a second scanner in the chain if you
>>*really* don't want a message to be sent out to the world without any
>>type of scanning.
>
>
> Can't we detect if the scanner failed or not? (I have a suspicion.)

Yes. Log entries are usually generated.

It should be possible to intercept that, and/or generate a header before
entering,
add a header as part of the pass, remove one, both, or neither afterwards.

You can simulate failure by denying the stack or socket to it.


> If not; wouldn't it make sense to have a variable that indicates this?
> (Something like $malware_failed or so. Something that can be used as to
> add a header as a warning, try another scanner instead, ...)
>

Perhaps X-Scan-Failed: going in, strip it if/as/when other indicators
show success.

> With defer_ok we can't add a header at a later stage that tells if the
> scan was successful... we can only be sure if there was indeed malware
> detected, if malware_name is defined, right?
>
> Paul
>
>



Esta mensagem foi colocada nas seguintes mailing lists:
Exim-users
Informação da Mailing List | Mensagens Perto		<-Re: [exim] malware and defer_ok[exim] Exim 4.43 segmentation faults->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versão 2.3)