[prev in list] [next in list] [prev in thread] [next in thread] 

List:       amavis-user
Subject:    Re: Warn virus recipients only for non spam mail?
From:       Mark Martinec <Mark.Martinec+amavis () ijs ! si>
Date:       2012-02-09 16:09:22
Message-ID: 201202091709.22174.Mark.Martinec+amavis () ijs ! si
[Download RAW message or body]

Michael,

> is it possible just to warn recipients of virus mails only if SA score
> is below $sa_kill_level_deflt??
> 
> $warnvirusrecip =1 send a notify on all virus mails to recipient.

This isn't possible off-the-shelf, some hack is needed.
Try the attached patch for 2.7.0.

Amavis normally considers infected mail as the top reason to block it.
Spam scanning is not even performed for infected mail, partly to save
resources, and partly to offer some small protection against malware
to spam scanner(s).

So the attached patch needs to overcome the above performance+security
measure, and then disable $warnrecip_maps_by_ccat{&CC_VIRUS}
when CC_SPAM is also detected as a contents category.

This patch will *not* find its way into the next version, as I think
it goes against the purpose of recipient notifications (if these still
have any purpose at all). I think there may be better ways of
dealing with infected spam. Note that a spam scanner often
recognize infected mail as spam, which probably invalidates
the intention of having virus recipient notifications enabled.

Perhaps the reason behind your wish is that some virus scanners
declare spam as infection. There is a better way to deal with this,
by using @virus_name_to_spam_score_maps .

  Mark

["0.patch" (text/x-patch)]

--- amavisd~	2011-07-01 17:21:07.000000000 +0100
+++ amavisd	2012-02-09 16:49:39.325107705 +0100
@@ -12245,5 +12245,6 @@
         $any_pass = 1  if $final_destiny == D_PASS;
       }
-      if (!$any_pass) {
+      if (0) {
+    # if (!$any_pass) {
         do_log(5, "bypassing of spam checks, message will be blocked anyway ".
                   "due to %s", $prelim_blocking_ccat);
@@ -14909,4 +14910,11 @@
     my($rec) = $r->recip_addr;
     my($wr); my($notify_recips_templ_ref);
+    if ($r->is_in_contents_category(CC_SPAM)) {
+      if ($wrmbc->{&CC_VIRUS}) {
+        $wrmbc = { %$wrmbc };  # copy
+        delete $wrmbc->{&CC_VIRUS};
+        do_log(5,"disabling virus recipient notifications for infected spam");
+      }
+    }
     my($warnrecip_maps_ref) = $r->setting_by_contents_category($wrmbc);
     ($wr) = lookup2(0,$rec,$warnrecip_maps_ref)  if $warnrecip_maps_ref;


[prev in list] [next in list] [prev in thread] [next in thread]