Hi everyone,

I have a case where an email was blocked as infected (via winnow 
signatures) when no policy was found in $sql_select_policy, even when 
the default @virus_name_to_spam_score_maps has a line for marking it as spam.

Is this behaviour normal? I believe that it isn't but I am unable to 
find any reference for that in RELEASE_NOTES.

My configs are like this (just the interesting part):

@virus_name_to_spam_score_maps =
    (new_RE(  # the order matters!
      ...
      [ qr'^winnow\.(phish|spam)\.' => 0.1 ],
      [ qr'^winnow\.malware\.'      => undef ],  # keep as infected
    ));

Default policy is to block all viruses and allow all spam mails, so 
users can set their policy for spam filtering by themselves.

Logs show this:
Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) Checking: 9AbMj1ZsRiBa [84.121.99.228] <> -> <x...@domain>
Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) p001 1 Content-Type: text/plain, size: 94 B, name:
Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) run_av (ClamAV-clamd): /var/amavis/tmp/amavis-20090427T083452-08589/parts INFECTED: winnow.phish.pt.paypal.m248493.UNOFFICIAL
Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) virus_scan: (winnow.phish.pt.paypal.m248493.UNOFFICIAL), detected by 1 scanners: ClamAV-clamd
Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) Virus winnow.phish.pt.paypal.m248493.UNOFFICIAL matches (?-xism:^), sender addr ignored
Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) bounce unverifiable, <> -> <x...@domain>
Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) Blocked INFECTED (winnow.phish.pt.paypal.m248493.UNOFFICIAL), [84.121.99.228] [187.220.50.57] <> -> <x...@domain>, Message-ID: <20090427080752.8000...@videofitness.com>, mail_id: 9AbMj1ZsRiBa, Hits: -, size: 921, pt: 1, 86 ms

There are no policy settings for user x...@domain in the database, and 
the policy table in SQL does not contain any settings regarding virus name 
-> spam_score maps. Maybe it should contain them, but I believe that if they 
do not exist in the database, it should take the default one (which is 
stated above).

So, is this the right behaviour or just my config mistake?

Thanks in advance.

regards, Jernej
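
A log check for the situation described in the message above, as an added example that is not part of the original post or of amavisd-new: it lists "Blocked INFECTED" entries where every reported virus name matches a map entry with a numeric score. The first-match lookup, the function names and the sample lines are assumptions made for illustration.

```python
import re

# Ordered (pattern, score) pairs copied from the two map entries visible in the
# post; None stands for Perl's undef ("keep as infected"). Assumption: the first
# matching entry decides, as the post's "the order matters!" comment implies.
SCORE_MAP = [
    (re.compile(r"^winnow\.(phish|spam)\."), 0.1),
    (re.compile(r"^winnow\.malware\."), None),
]

# Matches the "Blocked INFECTED (...)" line format shown in the post's log.
BLOCKED = re.compile(
    r"amavis\[\d+\]: \([\w-]+\) Blocked INFECTED \((?P<names>[^)]*)\)"
    r".*?mail_id: (?P<mail_id>[^,\s]+)"
)

def lookup(name, score_map=SCORE_MAP):
    """Return (matched, score) from the first entry whose pattern matches."""
    for pattern, score in score_map:
        if pattern.search(name):
            return True, score
    return False, None

def unexpected_blocks(lines, score_map=SCORE_MAP):
    """List blocked mails whose every virus name maps to a numeric score."""
    found = []
    for line in lines:
        m = BLOCKED.search(line)
        if not m:
            continue
        names = [n.strip() for n in m.group("names").split(",") if n.strip()]
        results = [lookup(n, score_map) for n in names]
        if names and all(hit and score is not None for hit, score in results):
            found.append({"mail_id": m.group("mail_id"), "names": names,
                          "scores": [score for _, score in results]})
    return found

# Constructed sample lines in the post's log format (addresses are placeholders).
SAMPLE = [
    "Apr 27 08:59:26 avs3 amavis[8589]: (08589-03) Blocked INFECTED "
    "(winnow.phish.pt.paypal.m248493.UNOFFICIAL), [192.0.2.10] <> -> "
    "<user@example.org>, mail_id: 9AbMj1ZsRiBa, Hits: -, size: 921",
    "Apr 27 09:01:02 avs3 amavis[8589]: (08589-04) Blocked INFECTED "
    "(winnow.malware.test.UNOFFICIAL), [192.0.2.11] <> -> "
    "<user@example.org>, mail_id: CONSTRUCTED01, Hits: -, size: 1400",
    "Apr 27 09:02:10 avs3 amavis[8589]: (08589-05) Passed CLEAN, "
    "[192.0.2.12] <> -> <user@example.org>, mail_id: CONSTRUCTED02",
]
```

Calling `unexpected_blocks(SAMPLE)` returns only the winnow.phish entry; the winnow.malware line is skipped because its map value is undef.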

