failure of all virus scanners

[Mark Martinec]

Ralf,

> > > I want to catch the case of a virus pattern update gone wrong -- right
> > > now all the mails pass unchecked, I'd rather tempfail them.
> >   $virus_scanners_failure_is_fatal = 1;

> Yes, killing all virus scanners causes a tempfail now, wonderful.
> 
> But does this patch indeed differenciate between "unscannable content"
> and "couldn't scan at all"? Sorry, my perl fu is not strong :)

It reverts to the previous behaviour when the setting is true:
if virus scanning is enabled (i.e. at least one scanner is present) and
all scanners fail without providing a definite yes/no answer, then
a 4xx tempfail happens.

How each virus scanner reacts to "unscannable content" depend on
each scanner. Amavis catches fatal errors (process/socket failures,
timeouts, crashes), and compares the result against the 4th and 5th
field in each @av_scanners entry. If no match is found (neither infected
nor clean), then this scanner is considered to have failed.
With some scanners it is possible to list "unscannable content"
status codes as 'success' codes, i.e. in the 4th field.

So to answer your question on a differenciate between "unscannable content" 
and "couldn't scan at all": it's all up to each av scanner entry and how
the 4th and 5th fields are defined in its entry.

Btw, this is all somewhat unrelated to the CC_UNCHECKED content type
outcome, which can also (also) result from a decoder failure (like a
password protected or corrupted archive, causing unzip to fail,
but still somehow avoid total virus scanners failure).

In other words, both the decoder failure as well as a total virus
scanners failure set the CC_UNCHECKED content type flag.
If the $virus_scanners_failure_is_fatal is false than this is it, further
processing depends on %final_destiny_by_ccat or other settings
for CC_UNCHECKED. If $virus_scanners_failure_is_fatal is true than
the CC_UNCHECKED is still set but is irrelevant, as a temporary failure
is signalled immediately, skipping further processing.

  Mark