exim-users at spodhuis
Nov 6, 2009, 4:30 PM
Post #2 of 2
(91 views)
Permalink
|
|
Re: Exim 4.69- defer message on malware scanner failure
[In reply to]
|
|
On 2009-11-06 at 20:45 +0100, Juergen Edner wrote:
> Hello,
> I'm currently trying to optimize my Exim configuration a little bit,
> especially the malware ACL part. At the moment incoming messages,
> which have marked as malware, are forwarded to a shared folder for
> verification purposes. This process works very well.
>
> Some days ago I realized that messages are not temporarily deferred
> if the malware scanner ClamAV is not running but are forwarded to
> the end user without being checked at all.
>
> Now I wonder how I need to modify the ACL part to make sure that
> this doesn't happen anymore. Is there any reliable way to find
> out if the malware scanner is running or not?
>
> This is the currently used ACL part:
>
> acl_check_data:
> warn log_message = This message contains malware ($malware_name)
> malware = *
>
> warn message = X-Redirect-To: virus[at]domain.lan
> malware = *
> ...
Something more is going on here and you'll need to provide logs for
where this happens.
By default, "malware = *" should be deferring if it can't talk to the
malware scanner. You need to explicitly say "malware = */defer_ok" if
it's acceptable to continue on without scanning.
-Phil
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
|
