* Ralf Hildebrandt <[email protected]>: > How can I safely handle the case of all virus scanners failing? > > In the release notes I'm seeing: > > - a failure of all virus scanners no longer automatically tempfails the > operation, but flags a message with a CC_UNCHECKED contents category > (just like a failure of decoders/dearchivers), and allows the usual > controls (*_destiny, *_quarantine_*) to be used to configure behaviour; > for example: > > $final_unchecked_destiny = D_TEMPFAIL; > $unchecked_quarantine_method = 'local:unchecked/%m.gz'; > > I want to catch the case of a virus pattern update gone wrong -- right > now all the mails pass unchecked, I'd rather tempfail them. On the > other hand - what about encrypted mails which cannot be scanned > anyway? How can I let those pass?
Looking at the categories I see no way of distinguishing an encrypted archive (which should be passed) from a generic "all scanners have failed" error (which should cause a tempfail). ... Jun 15 10:05:08 mail amavis[3999]: (03999-08) p003 1/2 Content-Type: application/x-zip-compressed, size: 12791 B, name: 3618_error_log_20110615.zip Jun 15 10:05:08 mail amavis[3999]: (03999-08) do_unzip: p003, 1 members are encrypted, none extracted, archive retained Jun 15 10:05:09 mail amavis[3999]: (03999-08) FWD from <[email protected]> -> <[email protected]>,BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 3QvL455jGWzFvq5 Jun 15 10:05:09 mail amavis[3999]: (03999-08) Passed UNCHECKED {RelayedInbound}, [217.16.101.214]:40793 [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <7fda82a7cd7eb24e81bf85c74caf8e0e4708a59...@exdkmbx022.corp.novocorp.net>,mail_id: 60xc9rwqiz5V, Hits: -1.899, size: 26319, queued_as: 3QvL455jGWzFvq5, 905 ms ... -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 [email protected] | http://www.charite.de
