Building an MS-SA box

[MW Mike Weiner (5028)]

Well the more I looked at it, the more I would agree, cause if MS is working
with the rule sets like a firewall does, meaning TOP DOWN matching, then you
would want your default, most often used rule at the bottom of the list thus
being the "catch all" rule that everything not matching the rules above
would be treated.

Julian, any thoughts?
-----Original Message-----
From: Peter Bonivart [mailto:peter at UCGBOOK.COM]
Sent: Sunday, February 22, 2004 9:03 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Building an MS-SA box

MW Mike Weiner (5028) wrote:
> FromOrTo:       default                 delete
> FromOrTo:       mweiner at bmarts.com      store deliver
>
> The thought here was to temporarily store the email so I can use later
> for Bayesian training. However, it has come up in the list a few times
> that some people think when the options are set as above "store
> deliver" then that piece of email is not getting processed at all.
> Meaning when mweiner at bmarts.com gets an email, it gets stored and not
> processd via sa or even clamav. Is this the case? I could sift through
> code, but that's not really very valuable to me at this point. What I
> need is to figure out what is causing clamav not to run or at least
> tag or log anything to indicate that its running properly through ms
> and it was indicated that the delivery options may be the problem.

The stored copy is in its original form for many reasons such as legal ones.
The delivered one on the other hand is of course processed. I agree, there
seems to be some confusion about that on the list.

By the way, I think the default rule should be last, might not matter here
but for good form if nothing else. :-)

--
/Peter Bonivart

--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2