Do policy_banks overrule defaults?

Patrick Ben Koetter p at state-of-mind.de
Fri May 25 21:10:15 CEST 2012


* Mark Martinec <Mark.Martinec+amavis at ijs.si>:
> Patrick,
> 
> > Do policy_banks overrule defaults?
> 
> Yes, that's their purpose in life. (btw, happy Towel Day!)

Happy Towel Day, too! I saw a lot of pictures of sysadmins having a towel
wrapped around their neck telling the world they would go to work now.

> > This is a rather complicated question (with a hopefully simple answer):
> > 
> > I have a set of virus scanners. Viruses should go to the quarantine unless
> > their virus name triggers a mass virus action via
> > @virus_name_to_policy_bank_maps. Among other things the mass virus action
> > should simply discard such virus messages.
> 
> When all virus scanning is done and each virus scanner involved
> contributed its virus names to a list of virus names detected, this
> list is then mapped through @virus_name_to_policy_bank_maps to obtain
> a list of policy bank names. The list of policy bank names is cleansed
> by removing unknown policy bank names and duplicates, then named policy
> banks are loaded, which will affect further processing, like quarantining,
> notifications, forwarding and rejection status.

Mark, you kick ass! Remind me to buy you a LARGE beer next time we see each
other.


> Note that unlike Ralf's question about *reported* virus names
> (only names from the *first* scanner that detected infection are reported),
> the list of virus names that goes through @virus_name_to_policy_bank_maps
> mapping contains names from *all* virus scanners, not just the first.
> 
> > How will amavis behave if one virus scanner reports a virus that would
> > trigger a mass virus action in @virus_name_to_policy_bank_maps but not the
> > other ones?
> 
> The policy bank associated with a virus name would be loaded
> regardless of which scanner reported which name. All names are
> considered, each is mapped through @virus_name_to_policy_bank_maps,
> all resulting policy bank names (if any) will be loaded.
> 
> > Will the mass virus action (do not quarantine) overrule the default action
> > (quarantine)?
> 
> Yes. Loading a policy bank loads its settings over current settings,
> all further actions are affected. Since the loading of policy banks
> based on @virus_name_to_policy_bank_maps happens before quarantining,
> it is capable of affecting/disabling quarantining.
> 
> > Would I end up adding all (different) virus names from all virus
> > scanners in use to @virus_name_to_policy_bank_maps just to make sure the
> > message will be discarded?
> 
> No need to, any name would do, as long as you are sure that name
> (or better: that scanner) would always appear on that type of infection.
> 
> Of course if some scanner fails but there are others still working,
> then names as produced by a failing scanner would never appear
> in the list of virus names. With this in mind, it might make sense
> to include alternative names in virus_name_to_policy_bank_maps too.

Good idea.

p at rick

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
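
The resolution order described in this thread, modelled as an added example; it is not amavisd code and not part of the original message. The setting keys, bank names, scanner names and virus names are constructed for illustration, and taking the first matching map entry per virus name is an assumption of the sketch.

```python
import re

# Constructed settings; key names are illustrative, not amavisd.conf variables.
DEFAULTS = {"quarantine": True, "discard": False}
POLICY_BANKS = {"MASS_VIRUS": {"quarantine": False, "discard": True}}

# Stand-ins for @virus_name_to_policy_bank_maps (constructed virus names).
ONE_NAME = [(re.compile(r"mydoom", re.I), "MASS_VIRUS"),
            (re.compile(r"testsig", re.I), "NO_SUCH_BANK")]
WITH_ALIAS = ONE_NAME + [(re.compile(r"novarg", re.I), "MASS_VIRUS")]


def banks_for(scanner_results, name_map):
    """Map names from all scanners to bank names, dropping unknowns and duplicates."""
    banks = []
    for names in scanner_results.values():
        for name in names or []:  # None models a scanner that failed
            # Assumption of this sketch: the first matching entry wins per name.
            bank = next((b for rx, b in name_map if rx.search(name)), None)
            if bank in POLICY_BANKS and bank not in banks:
                banks.append(bank)
    return banks


def effective_settings(scanner_results, name_map):
    """Overlay each loaded bank on the defaults before the quarantine decision."""
    settings = dict(DEFAULTS)
    for bank in banks_for(scanner_results, name_map):
        settings.update(POLICY_BANKS[bank])
    return settings


# Constructed scan results: scanner name -> reported virus names.
ONE_HIT = {"scanner_a": ["Worm.Mydoom.M"], "scanner_b": ["Generic.Malware"]}
A_FAILED = {"scanner_a": None, "scanner_b": ["Email-Worm.Novarg"]}

if __name__ == "__main__":
    for label, results, name_map in [("one scanner hits", ONE_HIT, ONE_NAME),
                                     ("scanner_a down", A_FAILED, ONE_NAME),
                                     ("scanner_a down, alias mapped", A_FAILED, WITH_ALIAS)]:
        print(label, effective_settings(results, name_map))
```

The second case is the one to watch in production: with only one scanner's naming in the map, a failure of that scanner silently returns the message to the default quarantine path.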

