Hello Phil, >> > Some days ago I realized that messages are not temporarily deferred >> > if the malware scanner ClamAV is not running but are forwarded to >> > the end user without being checked at all. >> > >> > Now I wonder how I need to modify the ACL part to make sure that >> > this doesn't happen anymore. Is there any reliable way to find >> > out if the malware scanner is running or not? >> > >> > This is the currently used ACL part: >> > >> > acl_check_data: >> > warn log_message = This message contains malware ($malware_name) >> > malware = * >> > >> > accept >> > ... > > Something more is going on here and you'll need to provide logs for > where this happens. > > By default, "malware = *" should be deferring if it can't talk to the > malware scanner. You need to explicitly say "malware = */defer_ok" if > it's acceptable to continue on without scanning.
that's exactly how I understood the function. Therefore I've stopped the malware scanner and have run a test with the Eicar test virus. Although the malware acl condition returns a 'deferred' the warn statement is skipped and the next acl statement is processed. After reading through the acl documentation several times I thought it should instantly defer the message on a malware scanner failure without processing any further statements. This is the related debug trace: 22650 using ACL "acl_check_data" 22650 processing "warn" 22650 check malware = * 22650 LOG: MAIN PANIC 22650 malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamd (No such file or directory) 22650 warn: condition test deferred 22650 LOG: MAIN 22650 H=host.test.lan (mail.domain.de) [192.168.6.11] Warning: ACL "warn" statement skipped: condition test deferred 22650 processing "warn" 22650 warn: condition test succeeded 22650 processing "accept" 22650 accept: condition test succeeded Thanks Juergen -- Mail: [email protected] GPG Key available -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
