Jesse Guardiani wrote:

I'm eager to hear what Jason Haar has to say about this. I don't know
how error codes are generated in q-s so I can't really comment on the
usability of the above code, but in concept it looks like what I'm
suggesting.


I'm afraid I really don't like this. This issue is as old as the trees.

As anyone who has been on any Qmail lists for any length of time knows, issues to do with patch-clashes/etc are routine. Personally I think DJB made a bad mistake in not allowing output from the qmail-queue process to flow back to qmail-smtpd. If he had, then we could EASILY do what you ask - in fact - that was originally what I wanted to do with Qmail-Scanner!

But instead, as qmail-smtpd error msgs are static, Q-S has to generate its own error e-mails. There's no way I'd want Q-S to generate a perm error - because otherwise all the sending SMTP server sees is "5xxx perm fail" - not exactly useful. Obviously patching Qmail to have more error msgs would fix this particular issue, but read on...

Let's think this through.

1. I am an infected Windows PC. I use SMTP to send the virus to my default SMTP gateway, it rejects the message (due to virus) at the SMTP layer. The virus doesn't report that SMTP error to the end user - so they are unaware they are infected.

2. I am an infected Windows PC. I use SMTP to send the virus to my default SMTP gateway, it doesn't do virus scanning so it just passes it on to the next SMTP gateway. Eventually it meets a gateway that rejects the message at the SMTP layer. The SMTP failure generates a bounce that goes to the "MAIL FROM" address - which isn't the infected user - so they are unaware they are infected.

3. I am an infected Windows PC. I use SMTP to send the virus to my default SMTP gateway, it doesn't do virus scanning so it just passes it on to the next SMTP gateway. Eventually it meets Qmail-Scanner (set to send alerts always) that accepts the message, scans it and then sends an alert that goes to the "MAIL FROM" address - which isn't the infected user - so they are unaware they are infected (i.e. identical to "2." except it has a much better error message).

4. I am an infected Windows PC. I use SMTP to send the virus to my default SMTP gateway, it doesn't do virus scanning so it just passes it on to the next SMTP gateway. Eventually it meets Qmail-Scanner (set to default of not notifying sender) that accepts the message, scans it and then exits. Real sender still unaware they are infected.


Which one is best?


Now let's look at your actual issue. False Positives. Apparently you have some broken AV that is claiming clean files are infected. Apparently you still want to use that AV! You think Q-S should be rewritten to compensate for your broken AV system...

Seriously, Q-S defaults to not sending alerts for messages that an AV says are infected. If you use quarantine-attachments.txt to do "Policy blocks", those WILL GENERATE ALERTS. So if you block "*.doc" attachments, the sender of a clean *.doc file will get an e-mail telling them their message was blocked. As they are not a virus, the email will reach the actual sender. Everyone is happy.

If your AV is blocking clean files as being viral, complain or change AV.

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


