* Ralf Hildebrandt <[email protected]>:
> How can I safely handle the case of all virus scanners failing?
> 
> In the release notes I'm seeing:
> 
> - a failure of all virus scanners no longer automatically tempfails the
>   operation, but flags a message with a CC_UNCHECKED contents category
>   (just like a failure of decoders/dearchivers), and allows the usual
>   controls (*_destiny, *_quarantine_*) to be used to configure behaviour;
>   for example:
>   
>   $final_unchecked_destiny = D_TEMPFAIL;
>   $unchecked_quarantine_method = 'local:unchecked/%m.gz';
> 
> I want to catch the case of a virus pattern update gone wrong -- right
> now all the mails pass unchecked, I'd rather tempfail them. On the
> other hand - what about encrypted mails which cannot be scanned
> anyway? How can I let those pass?

Looking at the categories I see no way of distinguishing an encrypted
archive (which should be passed) from a generic "all scanners have
failed" error (which should cause a tempfail).

...
Jun 15 10:05:08 mail amavis[3999]: (03999-08) p003 1/2 Content-Type: 
application/x-zip-compressed, size: 12791 B, name: 3618_error_log_20110615.zip
Jun 15 10:05:08 mail amavis[3999]: (03999-08) do_unzip: p003, 1 members are 
encrypted, none extracted, archive retained
Jun 15 10:05:09 mail amavis[3999]: (03999-08) FWD from <[email protected]> 
-> <[email protected]>,BODY=7BIT 250 2.0.0 from 
MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 3QvL455jGWzFvq5
Jun 15 10:05:09 mail amavis[3999]: (03999-08) Passed UNCHECKED 
{RelayedInbound}, [217.16.101.214]:40793 [127.0.0.1] <[email protected]> -> 
<[email protected]>, Message-ID: 
<7fda82a7cd7eb24e81bf85c74caf8e0e4708a59...@exdkmbx022.corp.novocorp.net>,mail_id:
 60xc9rwqiz5V, Hits: -1.899, size: 26319, queued_as: 3QvL455jGWzFvq5, 905 ms
...

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  [email protected] | http://www.charite.de
            

Reply via email to