Paul Dekkers skrev:
>
> Can't we detect if the scanner failed or not? (I have a suspicion.)
> If not; wouldn't it make sense to have a variable that indicates this?
> (Something like $malware_failed or so. Something that can be used as to
> add a header as a warning, try another scanner instead, ...)
>
> With defer_ok we can't add a header at a later stage that tells if the
> scan was successful... we can only be sure if there was indeed malware
> detected, if malware_name is defined, right?
>
Like this:
deny malware = */defer_ok
warn malware = *
message = X-Warn: Virus scanning failed.
(and/or) control = freeze
The result of the malware condition is cached, so the antivirus program
won't be run twice. However, scanning can only be done in the ACLs, so
the easiest way to make sure that nothing escapes the virus scanner is
to defer and let the sending host requeue the mail (*if* there is a
sending host that's not a local user).
--
Magnus Holmgren
