Re: [exim] malware and defer_ok

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Magnus Holmgren
Date:  
À: Paul Dekkers
CC: exim-users, Riemer Palstra, oxo
Sujet: Re: [exim] malware and defer_ok
Paul Dekkers skrev:
>
> Can't we detect if the scanner failed or not? (I have a suspicion.)
> If not; wouldn't it make sense to have a variable that indicates this?
> (Something like $malware_failed or so. Something that can be used as to
> add a header as a warning, try another scanner instead, ...)
>
> With defer_ok we can't add a header at a later stage that tells if the
> scan was successful... we can only be sure if there was indeed malware
> detected, if malware_name is defined, right?
>


Like this:

  deny    malware = */defer_ok
  warn    malware = *
          message = X-Warn: Virus scanning failed.
(and/or)  control = freeze


The result of the malware condition is cached, so the antivirus program
won't be run twice. However, scanning can only be done in the ACLs, so
the easiest way to make sure that nothing escapes the virus scanner is
to defer and let the sending host requeue the mail (*if* there is a
sending host that's not a local user).

--
Magnus Holmgren