Re: [exim] detect, if malware scanner is unreachable

Etusivu
Poista viesti
Vastaa
Lähettäjä: Niki W. Waibel
Päiväys:  
Vastaanottaja: jgh
Kopio: exim-users
Aihe: Re: [exim] detect, if malware scanner is unreachable
On 2020-06-11 20:08, Jeremy Harris via Exim-users wrote:
> On 11/06/2020 11:04, Niki W. Waibel via Exim-users wrote:
> >    it is possible to "mark" spam emails, in case spamassassin is not
> >    reachable:
> >      warn       spam = nobody/defer_ok
> >           add_header = X-Spam-Flag: YES
> >      warn  condition = ${if !def:spam_score_int {1}}
> >           add_header = X-Spam-Note: Spamcheck invocation failed
> >           add_header = X-Spam-Status: Unknown

> >
> >      warn  condition = ${if def:spam_score_int {1}}
> >            condition = ${if <{$spam_score_int}{50} {1}{0}}
> >           add_header = X-Spam-Status: No, score=$spam_score

> >
> >      warn  condition = ${if def:spam_score_int {1}}
> >            condition = ${if >={$spam_score_int}{50} {1}{0}}
> >           add_header = X-Spam-Status: Yes, score=$spam_score

> >
> >    is sthg like this possible with the malware scanner(s)?

> >
> >    it is clear that
> >      deny    malware = */defer_ok
> >              message = This message contains a malware or virus
> >    ($malware_name).
> >          log_message = $sender_host_address tried sending $malware_name
> >    rejects the email immediatelly and a X-Malware-Status: Yes is
> >    irrelevant.

> >
> >    but it would still be nice to have either
> >       X-Malware-Status: Unknown
> >    or
> >       X-Malware-Status: No

>
> A construction based on https://bugs.exim.org/show_bug.cgi?id=251#c2
> might do what you want.


thanks for the hint. i've tried it like this, without success, unfort:
==================
begin acl

acl_check_malware_set_c8:
  require       set acl_c8 =    defer
# accept        verify     =    sender/callout,random
  accept        malware    =    *
                set acl_c8 =    accept
  deny          set acl_c8 =    deny


acl_check_malware:
  warn          acl =           acl_check_malware_set_c8
  accept        condition =     ${if eq {$acl_c8}{accept}}
  deny          condition =     ${if eq {$acl_c8}{deny}}
#  accept        acl =           acl_check_malware_deferred
  accept


acl_check_data:
# [...]
  warn          acl =           acl_check_malware


  deny          condition =     ${if eq {$acl_c8}{deny}}
                message =       This message contains a malware or virus ($malware_name).
                log_message =   $sender_host_address tried sending $malware_name


  warn          condition =     ${if eq {$acl_c8}{defer}}
                add_header =    X-Virus-Note: Viruscheck invocation failed
                add_header =    X-Virus-Status: Unknown


  warn          condition =     ${if eq {$acl_c8}{accept}}
                add_header =    X-Virus-Note: Viruscheck passed, result=clean
                add_header =    X-Virus-Status: Ok
# [...]
==================
i always do get a deny. it seem acl_c8 is never set to accept or defer.


as i am quite new to exim, i am out of ideas for now.