* Mark Martinec <[email protected]>: > Parick, > > > Do policy_banks overrule defaults? > > Yes, that's their purpose in life. (btw, happy Towel Day!)
Happy Towel Day, too! I saw a lot of pictures of sysadmins having a towel wrapped around their neck telling the world they would go to work now. > > This is a rather complicated question (with a hopefully simple answer): > > > > I have a set of virus scanners. Viruses should go to the quarantine unless > > their virus name triggers a mass virus action via > > @virus_name_to_policy_bank_maps. Among other things the mass virus action > > should simply discard such virus messages. > > When all virus scanning is done and each virus scanner involved > contributed its virus names to a list of virus names detected, this > list is then mapped through @virus_name_to_policy_bank_maps to obtain > a list of policy bank names. The list of policy bank names is cleansed > by removing unknown policy bank names and duplicates, then named policy > banks are loaded, which will affect further processing, like quarantining, > notifications, forwarding and rejection status. Mark, you kick ass! Remind me to buy you a LARGE beer next time we see each other. > Note that unlike Ralf's question about *reported* virus names > (only names from the *first* scanner that detected infection are reported), > the list of virus names that goes through @virus_name_to_policy_bank_maps > mapping contains names from *all* virus scanners, not just the first. > > > How will amavis behave if one virus scanner reports a virus that would > > trigger a mass virus action in @virus_name_to_policy_bank_maps but not the > > other ones? > > The policy bank associated with a virus name would be loaded > regardless of which scanner reported which name. All names are > considered, each is mapped through @virus_name_to_policy_bank_maps, > all resulting policy bank names (if any) will be loaded. > > > Will the mass virus action (do not quarantine) overrule the default action > > (quarantine)? > > Yes. Loading a policy bank loads its settings over current settings, > all further actions are affected. Since the loading of policy banks > based on @virus_name_to_policy_bank_maps happens before quarantining, > it is capable of affecting/disabling quarantining. > > > Would I end up adding all (different) virus names from all virus > > scanners in use to @virus_name_to_policy_bank_maps just make sure the > > message will be discarded? > > No need to, any name would do, as long as you are sure that name > (or better: that scanner) would always appear on that type of infection. > > Of course if some scanner fails but there are other still working, > then names as produced by a failing scanner would never appear > in the list of virus names. With this in mind, it might make sense > to include alternative names in virus_name_to_policy_bank_maps too. Good idea. p@rick -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
