failure of all virus scanners
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Wed Jun 15 14:30:54 CEST 2011
* Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>:
> How can I safely handle the case of all virus scanners failing?
>
> In the release notes I'm seeing:
>
> - a failure of all virus scanners no longer automatically tempfails the
> operation, but flags a message with a CC_UNCHECKED contents category
> (just like a failure of decoders/dearchivers), and allows the usual
> controls (*_destiny, *_quarantine_*) to be used to configure behaviour;
> for example:
>
> $final_unchecked_destiny = D_TEMPFAIL;
> $unchecked_quarantine_method = 'local:unchecked/%m.gz';
>
> I want to catch the case of a virus pattern update gone wrong -- right
> now all the mails pass unchecked, I'd rather tempfail them. On the
> other hand - what about encrypted mails which cannot be scanned
> anyway? How can I let those pass?
Looking at the categories I see no way of distinguishing an encrypted
archive (which should be passed) from a generic "all scanners have
failed" error (which should cause a tempfail).
...
Jun 15 10:05:08 mail amavis[3999]: (03999-08) p003 1/2 Content-Type: application/x-zip-compressed, size: 12791 B, name: 3618_error_log_20110615.zip
Jun 15 10:05:08 mail amavis[3999]: (03999-08) do_unzip: p003, 1 members are encrypted, none extracted, archive retained
Jun 15 10:05:09 mail amavis[3999]: (03999-08) FWD from <SIBE at novonordisk.com> -> <Andreas.Hueser at charite-research.org>,BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 3QvL455jGWzFvq5
Jun 15 10:05:09 mail amavis[3999]: (03999-08) Passed UNCHECKED {RelayedInbound}, [217.16.101.214]:40793 [127.0.0.1] <SIBE at novonordisk.com> -> <Andreas.Hueser at charite-research.org>, Message-ID: <7FDA82A7CD7EB24E81BF85C74CAF8E0E4708A59A79 at exdkmbx022.corp.novocorp.net>,mail_id: 60xc9rwqiz5V, Hits: -1.899, size: 26319, queued_as: 3QvL455jGWzFvq5, 905 ms
...
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt at charite.de | http://www.charite.de
More information about the amavis-users
mailing list