Do policy_banks overrule defaults?

Mark Martinec Mark.Martinec+amavis at ijs.si
Fri May 25 18:00:20 CEST 2012


Parick,

> Do policy_banks overrule defaults?

Yes, that's their purpose in life. (btw, happy Towel Day!)

> This is a rather complicated question (with a hopefully simple answer):
> 
> I have a set of virus scanners. Viruses should go to the quarantine unless
> their virus name triggers a mass virus action via
> @virus_name_to_policy_bank_maps. Among other things the mass virus action
> should simply discard such virus messages.

When all virus scanning is done and each virus scanner involved
contributed its virus names to a list of virus names detected, this
list is then mapped through @virus_name_to_policy_bank_maps to obtain
a list of policy bank names. The list of policy bank names is cleansed
by removing unknown policy bank names and duplicates, then named policy
banks are loaded, which will affect further processing, like quarantining,
notifications, forwarding and rejection status.

Note that unlike Ralf's question about *reported* virus names
(only names from the *first* scanner that detected infection are reported),
the list of virus names that goes through @virus_name_to_policy_bank_maps
mapping contains names from *all* virus scanners, not just the first.

> How will amavis behave if one virus scanner reports a virus that would
> trigger a mass virus action in @virus_name_to_policy_bank_maps but not the
> other ones?

The policy bank associated with a virus name would be loaded
regardless of which scanner reported which name. All names are
considered, each is mapped through @virus_name_to_policy_bank_maps,
all resulting policy bank names (if any) will be loaded.

> Will the mass virus action (do not quarantine) overrule the default action
> (quarantine)?

Yes. Loading a policy bank loads its settings over current settings,
all further actions are affected. Since the loading of policy banks
based on @virus_name_to_policy_bank_maps happens before quarantining,
it is capable of affecting/disabling quarantining.

> Would I end up adding all (different) virus names from all virus
> scanners in use to @virus_name_to_policy_bank_maps just make sure the
> message will be discarded?

No need to, any name would do, as long as you are sure that name
(or better: that scanner) would always appear on that type of infection.

Of course if some scanner fails but there are other still working,
then names as produced by a failing scanner would never appear
in the list of virus names. With this in mind, it might make sense
to include alternative names in virus_name_to_policy_bank_maps too.

  Mark


More information about the amavis-users mailing list