Re: [exim] malware and defer_ok

Inizio della pagina
Delete this message
Reply to this message
Autore: Magnus Holmgren
Data:  
To: Paul Dekkers
CC: exim-users, Riemer Palstra, oxo
Oggetto: Re: [exim] malware and defer_ok
Paul Dekkers skrev:
>
> Can't we detect if the scanner failed or not? (I have a suspicion.)
> If not; wouldn't it make sense to have a variable that indicates this?
> (Something like $malware_failed or so. Something that can be used as to
> add a header as a warning, try another scanner instead, ...)
>
> With defer_ok we can't add a header at a later stage that tells if the
> scan was successful... we can only be sure if there was indeed malware
> detected, if malware_name is defined, right?
>


Like this:

  deny    malware = */defer_ok
  warn    malware = *
          message = X-Warn: Virus scanning failed.
(and/or)  control = freeze


The result of the malware condition is cached, so the antivirus program
won't be run twice. However, scanning can only be done in the ACLs, so
the easiest way to make sure that nothing escapes the virus scanner is
to defer and let the sending host requeue the mail (*if* there is a
sending host that's not a local user).

--
Magnus Holmgren