[AMaViS-user] default policy and virus_name_to_spam_score_maps
This is a discussion on [AMaViS-user] default policy and virus_name_to_spam_score_maps within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category; Hi everyone, I have a case where email was blocked as infected (via winnow signatures), when no policy was found ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-28-2009
|
|||
|
|||
[AMaViS-user] default policy and virus_name_to_spam_score_maps
Hi everyone,
I have a case where email was blocked as infected (via winnow signatures), when no policy was found in $sql_select_policy, even when default @virus_name_to_spam_score_maps have a line for marking it as spam. Is this behaviour normal? I believe that it isn't but I am unable to find any reference for that in RELEASE_NOTES. My configs are like this (just the interesting part): @virus_name_to_spam_score_maps = (new_RE( # the order matters! ... [ qr'^winnow\.(phish|spam)\.' => 0.1], [ qr'^winnow\.malware\.' => undef ], # keep as infected )); Default policy is to block all viruses and allow all spam mails, so users can set their policy for spam filtering by themselves. Logs show this: Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) Checking: 9AbMj1ZsRiBa [84.121.99.228] <> -> <xxx@domain> Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) p001 1 Content-Type: text/plain, size: 94 B, name: Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) run_av (ClamAV-clamd): /var/amavis/tmp/amavis-20090427T083452-08589/parts INFECTED: winnow.phish.pt.paypal.m248493.UNOFFICIAL Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) virus_scan: (winnow.phish.pt.paypal.m248493.UNOFFICIAL), detected by 1 scanners: ClamAV-clamd Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) Virus winnow.phish.pt.paypal.m248493.UNOFFICIAL matches (?-xism:^), sender addr ignored Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) bounce unverifiable, <> -> <xxx@domain> Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) Blocked INFECTED (winnow.phish.pt.paypal.m248493.UNOFFICIAL), [84.121.99.228] [187.220.50.57] <> -> <xxx@domain>, Message-ID: <20090427080752.8000505@videofitness.com>, mail_id: 9AbMj1ZsRiBa, Hits: -, size: 921, pt: 1, 86 ms There is no policy settings for user xxx@domain in the database and policy table in SQL does not contain any settings regarding virus name -> spam_score maps. Maybe it should contain it, but I believe if it does not exist in the database, that it should take the default one (which is stated above). So, is this the right behaviour or just my config mistake? Thanks in advance. regards, Jernej ------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/...fo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ 
|
Linear Mode
