Re: [exim] Exim 4.69- defer message on malware scanner failu…

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Juergen Edner
CC: exim-users
Subject: Re: [exim] Exim 4.69- defer message on malware scanner failure
On 2009-11-06 at 20:45 +0100, Juergen Edner wrote:
> Hello,
> I'm currently trying to optimize my Exim configuration a little bit,
> especially the malware ACL part. At the moment incoming messages,
> which have marked as malware, are forwarded to a shared folder for
> verification purposes. This process works very well.
>
> Some days ago I realized that messages are not temporarily deferred
> if the malware scanner ClamAV is not running but are forwarded to
> the end user without being checked at all.
>
> Now I wonder how I need to modify the ACL part to make sure that
> this doesn't happen anymore. Is there any reliable way to find
> out if the malware scanner is running or not?
>
> This is the currently used ACL part:
>
> acl_check_data:
>   warn  log_message = This message contains malware ($malware_name)
>         malware       = *

>
>   warn  message       = X-Redirect-To: virus@???
>         malware       = *
>   ...


Something more is going on here and you'll need to provide logs for
where this happens.

By default, "malware = *" should be deferring if it can't talk to the
malware scanner. You need to explicitly say "malware = */defer_ok" if
it's acceptable to continue on without scanning.

-Phil