On Mon, Jun 29, 2009 at 10:49:34AM +0200, Willy Janssen wrote:

> We scan all outgoing mail as we absolutely don't want to send out any 
> viruses. To accomplish this, we have a two-stage (separate) Postfix setup, 
> connected via a content_filter for Amavis/ClamAV:
>
> Postfix (incoming stage) --> Amavis/ClamAV --> Postfix (sending stage)
>
> However, during the last days some viruses seemed to slip through (we were 
> trapped by an external party). What I can think of is the possibility that 
> a mail is scanned and found to be clean is going to the second Postfix and 
> sits there in the queue. Suppose it cannot be delivered immediately.
>
> As the queue lifetime is in the order of days, it can take a while before 
> the message is delivered. During that time the ClamAV database could be 
> updated to recognize this message as a virus. However, it won't get scanned 
> again as it is already in the outgoing queue. And we're sending the virus 
> mail.

Stuff happens. There is no 100% effective A/V scanner. If the file
had gone through promptly, it would still have been infected. Let the
next hop worry about A/V. I recommend against doing anything to "solve"
this problem. You can wait indefinitely for more signatures to arrive,
or you can deliver email.

Yes, you can shuffle mail around the queue in various creative ways,
see http://www.postfix.org/MULTI_INSTANCE_README.html for the best way
to make this possible, if that's what you want to do.

Once each stage of processing has its own queue, and provided they are
all on the same file-system, queue files can be safely renamed between
the deferred queue of one instance and the maildrop or incoming queue
of another.

-- 
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
