Mark wrote: > GĂ©rald,
>> > if it's a virus, we don't care if it's banned, bad hdr or spam. it's >> > handled as a virus. >> >> this rules seams fair to me, but in fact, if it is a virus and has bad >> header and we have virus set to D_PASS and badh to D_DISCARD, the mail >> is blocked, so actual behaviour of the program doesn't follow the rule >> you describe, is this a bug ? > It is a bug/inconsistency, inherited from previous versions which > had no concept of mail content category. This notion is still hazy > in places, I'll see what can be done for the next release. > Thanks for pointing it out. > Mark Using eicar.com to test. I was surprised to find that sending a virus through with a banned file when $final_virus_destiny = D_PASS; would deliver the file to the recipient. If you set @virus_lovers_maps = (1); (and virus and banned destinies to something other than D_PASS) the same message will be blocked. It has been said in the past that if you want to insure someone gets passed a virus, you should include them in both a virus_lovers and a banned_files_lovers map (I have not tested with bad_header). I was surprised because I have thought in the past that including someone in a *lovers* map was functionally equivalent to setting $final_*_destiny = D_PASS; for that particular user. I guess this is not true for viruses which always seem to be a special case (and maybe rightfully so, since they are designed to be malicious). Even more interesting, If I test with: $final_virus_destiny = D_DISCARD; $final_banned_destiny = D_PASS; @virus_lovers_maps = (1); The same message with a banned file (and virus) still gets Blocked INFECTED. If I test with: @virus_lovers_maps = (1); @banned_files_lovers_maps = (1); I get Passed INFECTED, as I expected. Personally I not convinced that the fact that it may be somewhat more difficult to get a virus to selectively pass is necessarily a bad thing. I'm not suggesting this should not be fixed in some way, I'm simply saying (in general) inconsistencies that help prevent people from doing stupid things are tolerable. Gary V ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
