Was updating a backup copy of my config when I noticed I had made a small
change to a malware line (added defer_ok) and thought to myself that adding
defer_ok didn't really solve the problem I intended when I added it. The
acl block is:
warn !malware = true
add_header = X-Virus-Scan: YES
set acl_m2 = 1
That was the original line, and I guess at some point I noticed there wasn't
a defer_ok added to it so I threw one on figuring it would prevent the acl
from deferring - but I didn't think of the fact that it would also tag my
email with the header (which it shouldn't set to YES since it wouldn't have
actually scanned the message).
Anyways, I'm wondering if anyone else has similar stuff in their config, and
how they may have gotten around preventing their spam/malware lines from
causing the ACL to defer (by obviously using defer_ok) when spamassassin or
av is down - AND detect if the message was actually scanned or not.
My only thought so far is that I could add a condition test to check for
$malware_name (in the case of malware) - but even that only helps me detect
if a virus was found... not a true test for if av was up and running or not.
Is there any way to detect if malware/spam was able to connect and perform
their scan or not?
Eli.
