Mailing List Archive

detect, if malware scanner is unreachable
hi,
it is possible to "mark" spam emails, in case spamassassin is not
reachable:
  warn  spam = nobody/defer_ok
        add_header = X-Spam-Flag: YES
  warn  condition = ${if !def:spam_score_int {1}}
        add_header = X-Spam-Note: Spamcheck invocation failed
        add_header = X-Spam-Status: Unknown

  warn  condition = ${if def:spam_score_int {1}}
        condition = ${if <{$spam_score_int}{50} {1}{0}}
        add_header = X-Spam-Status: No, score=$spam_score

  warn  condition = ${if def:spam_score_int {1}}
        condition = ${if >={$spam_score_int}{50} {1}{0}}
        add_header = X-Spam-Status: Yes, score=$spam_score

is sthg like this possible with the malware scanner(s)?

it is clear that
  deny  malware = */defer_ok
        message = This message contains a malware or virus ($malware_name).
        log_message = $sender_host_address tried sending $malware_name
rejects the email immediately and an X-Malware-Status: Yes is
irrelevant.

but it would still be nice to have either
X-Malware-Status: Unknown
or
X-Malware-Status: No
in the email header.

hope i was clear enough, as i am quite new to exim.

thank you in advance, niki
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: detect, if malware scanner is unreachable
On 11/06/2020 11:04, Niki W. Waibel via Exim-users wrote:
> it is possible to "mark" spam emails, in case spamassassin is not
> reachable:
>   warn  spam = nobody/defer_ok
>         add_header = X-Spam-Flag: YES
>   warn  condition = ${if !def:spam_score_int {1}}
>         add_header = X-Spam-Note: Spamcheck invocation failed
>         add_header = X-Spam-Status: Unknown
>
>   warn  condition = ${if def:spam_score_int {1}}
>         condition = ${if <{$spam_score_int}{50} {1}{0}}
>         add_header = X-Spam-Status: No, score=$spam_score
>
>   warn  condition = ${if def:spam_score_int {1}}
>         condition = ${if >={$spam_score_int}{50} {1}{0}}
>         add_header = X-Spam-Status: Yes, score=$spam_score
>
> is sthg like this possible with the malware scanner(s)?
>
> it is clear that
>   deny  malware = */defer_ok
>         message = This message contains a malware or virus ($malware_name).
>         log_message = $sender_host_address tried sending $malware_name
> rejects the email immediately and an X-Malware-Status: Yes is
> irrelevant.
>
> but it would still be nice to have either
> X-Malware-Status: Unknown
> or
> X-Malware-Status: No

A construction based on https://bugs.exim.org/show_bug.cgi?id=251#c2
might do what you want.

--
Cheers,
Jeremy

Re: detect, if malware scanner is unreachable
On 2020-06-11 20:08, Jeremy Harris via Exim-users wrote:
> On 11/06/2020 11:04, Niki W. Waibel via Exim-users wrote:
> > it is possible to "mark" spam emails, in case spamassassin is not
> > reachable:
> >   warn  spam = nobody/defer_ok
> >         add_header = X-Spam-Flag: YES
> >   warn  condition = ${if !def:spam_score_int {1}}
> >         add_header = X-Spam-Note: Spamcheck invocation failed
> >         add_header = X-Spam-Status: Unknown
> >
> >   warn  condition = ${if def:spam_score_int {1}}
> >         condition = ${if <{$spam_score_int}{50} {1}{0}}
> >         add_header = X-Spam-Status: No, score=$spam_score
> >
> >   warn  condition = ${if def:spam_score_int {1}}
> >         condition = ${if >={$spam_score_int}{50} {1}{0}}
> >         add_header = X-Spam-Status: Yes, score=$spam_score
> >
> > is sthg like this possible with the malware scanner(s)?
> >
> > it is clear that
> >   deny  malware = */defer_ok
> >         message = This message contains a malware or virus ($malware_name).
> >         log_message = $sender_host_address tried sending $malware_name
> > rejects the email immediately and an X-Malware-Status: Yes is
> > irrelevant.
> >
> > but it would still be nice to have either
> > X-Malware-Status: Unknown
> > or
> > X-Malware-Status: No
>
> A construction based on https://bugs.exim.org/show_bug.cgi?id=251#c2
> might do what you want.

thanks for the hint. i've tried it like this, without success, unfort:
==================
begin acl

acl_check_malware_set_c8:
  require set acl_c8 = defer
# accept  verify = sender/callout,random
  accept  malware = *
          set acl_c8 = accept
  deny    set acl_c8 = deny

acl_check_malware:
  warn    acl = acl_check_malware_set_c8
  accept  condition = ${if eq {$acl_c8}{accept}}
  deny    condition = ${if eq {$acl_c8}{deny}}
# accept  acl = acl_check_malware_deferred
  accept

acl_check_data:
# [...]
  warn    acl = acl_check_malware

  deny    condition = ${if eq {$acl_c8}{deny}}
          message = This message contains a malware or virus ($malware_name).
          log_message = $sender_host_address tried sending $malware_name

  warn    condition = ${if eq {$acl_c8}{defer}}
          add_header = X-Virus-Note: Viruscheck invocation failed
          add_header = X-Virus-Status: Unknown

  warn    condition = ${if eq {$acl_c8}{accept}}
          add_header = X-Virus-Note: Viruscheck passed, result=clean
          add_header = X-Virus-Status: Ok
# [...]
==================
i always do get a deny. it seems acl_c8 is never set to accept or defer.

as i am quite new to exim, i am out of ideas for now.

Re: detect, if malware scanner is unreachable
On 2020-06-11 10:04, Niki W. Waibel wrote:
> hi,
>
>
>
> is sthg like this possible with the malware scanner(s)?
>
>
>
> hope i was clear enough, as i am quite new to exim.
>
> thank you in advance, niki
>
Assuming that the AV scanner returns an error to Exim (that is, a non-zero
exit code):

###
warn
  set acl_m9 = not_scanned
  malware = *
  logwrite = This message was detected as possible malware ($malware_name).
  set acl_m9 = scanned
###

Initially acl_m9 is set to "not_scanned". If the AV scanner failed, then the
"malware = *" condition is not met, so acl_m9 is not set to "scanned".
Later you can use the acl_m9 and malware_name values in other ACL
statements to deny/defer/accept the message.

PS. Tested on Exim 4.94.2
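
An added example, not part of any post in this thread, for the header scheme asked about in the first message. It relies on Exim's documented behaviour that the malware condition is true only when malware is found, false on a clean scan, and defers on a scanner failure unless /defer_ok is given, and that a warn statement stops at a defer while the ACL continues with the next statement. The variable name acl_m_av is an assumption; the header names and the reject text come from the original question.

```exim
# Added example for the DATA ACL (acl_smtp_data = acl_check_data).
# acl_m_av is an assumed per-message variable name.
acl_check_data:

  # Start pessimistic. "!malware = *" is true only after a scan that
  # completed and found nothing. If the scanner cannot be reached the
  # condition defers, the rest of this warn statement is skipped, and
  # acl_m_av keeps the value "unknown".
  warn  set acl_m_av = unknown
        !malware = *
        set acl_m_av = clean

  # Reject detected malware. defer_ok keeps a scanner outage from
  # turning into a temporary rejection of every message.
  deny  malware = */defer_ok
        message = This message contains a malware or virus ($malware_name).
        log_message = $sender_host_address tried sending $malware_name

  # Scanner unreachable or failed: the message is delivered unscanned,
  # so label it and leave a log line that monitoring can alert on.
  warn  condition = ${if eq{$acl_m_av}{unknown}}
        add_header = X-Malware-Status: Unknown
        log_message = malware scan did not complete

  # Scan completed and found nothing.
  warn  condition = ${if eq{$acl_m_av}{clean}}
        add_header = X-Malware-Status: No

  accept
```

Messages tagged Unknown were never scanned, so downstream filters should not treat them the same as messages tagged No.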
