NAME

cantscan.conf - Specifies the action the pmx_virus_cantscan should take if pmx_virus fails to scan a message attachment


SYNOPSIS

/opt/pmx/etc/virus.d/cantscan.conf


DESCRIPTION

<scan_failed_action Action>
Specifies what action pmx_virus_cantscan should take if pmx_virus fails to scan a message attachment. The Sophos virus scanner returns failure codes if it cannot scan an attachment. Some common failure codes are:
SOPHOS_SAVI_FILE_ENCRYPTED
The attachment was encrypted. Password-protected archives will trigger this failure code.

SOPHOS_SAVI_FILE_CORRUPT
The attachment was corrupt.

SOPHOS_SAVI_FILE_PART_VOL
The attachment could not be scanned because it is part of a multi-volume archive.

A scan_failed_action section contains the following:

id = FAILURE_CODE
Each section can contain one ID, specifying which failure condition to take action upon. A particular failure code can only have one associated action.

description = ``The description associated with this error''
Some text that describes the error. This text replaces occurrences of %%DESC%% in the template.

action = (allow | warn | deny)
The action can be either 'allow', 'warn' (default) or 'deny'.

What action should be taken for this failure code. If a message matches more than one failure code, a 'deny' action always overrides any other actions. Also, if the message contains viruses and unscannable parts, the action is always to 'deny'.

allow
This value tells pmx_virus to ignore this failure code and allow the data to pass through. This introduces a potential security risk as the attachment is not guaranteed to be virus-free, and the user is not warned.

warn
This value causes the attachment to be treated as viral by pmx_virus.

It causes pmx_virus_clean to add a warning (from the template specified by the template option) about the unscannable part, but does not replace it.

Also this will cause pmx_virus_cantscan to return true, which can be used to treat 'allowed' unscannable messages differently from truly viral ones.

deny
This value causes the attachment to be treated as viral by pmx_virus.

This value tells pmx_virus_clean to replace the message part with a template, like it normally does to parts containing a virus.

It also causes pmx_virus_cantscan to return false.

template = cantscan.tmpl
The filename of the template to use with this action. The default template is cantscan.tmpl. If a full path is not specified, PureMessage searches the etc/virus.d directory, then the etc/templates/<language>/virus.d directory for this template. The language-specific path used in this search is taken from the language setting above.

The pmx_virus test always logs a message to the message log (located by default in /opt/pmx/var/log) when it fails to scan an attachment.

</scan_failed_action>


COPYRIGHT

Copyright (C) 2000-2008 Sophos Group. All rights reserved. Sophos and PureMessage are trademarks of Sophos Plc and Sophos Group.