On 2009-11-06 at 20:45 +0100, Juergen Edner wrote:
> Hello,
> I'm currently trying to optimize my Exim configuration a little bit,
> especially the malware ACL part. At the moment incoming messages,
> which have marked as malware, are forwarded to a shared folder for
> verification purposes. This process works very well.
>
> Some days ago I realized that messages are not temporarily deferred
> if the malware scanner ClamAV is not running but are forwarded to
> the end user without being checked at all.
>
> Now I wonder how I need to modify the ACL part to make sure that
> this doesn't happen anymore. Is there any reliable way to find
> out if the malware scanner is running or not?
>
> This is the currently used ACL part:
>
> acl_check_data:
> warn log_message = This message contains malware ($malware_name)
> malware = *
>
> warn message = X-Redirect-To: virus@???
> malware = *
> ...
Something more is going on here and you'll need to provide logs for
where this happens.
By default, "malware = *" should be deferring if it can't talk to the
malware scanner. You need to explicitly say "malware = */defer_ok" if
it's acceptable to continue on without scanning.
-Phil