[pmg-devel] [PATCH pmg-api] close #2324 - improve docs on encrypted archives

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Aug 20 13:19:43 CEST 2019 

On 8/19/19 6:32 PM, Stoiko Ivanov wrote:
> The option for ClamAV 'Block Encrypted Archives and Documents', actually
> triggers a Heuristic match from ClamAV, which is used by PMG to rais the
> spam score of a message by the value of 'Heuristic Score' configured
> at the 'Spam Detector' settings.
> 
> Since this has caused confusion (also for myself) a few times already, this
> patch tries to address the issue by referring to the other option in the API
> description of both properties
> 
> Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> ---
> We could additionally consider renaming the GUI presentation of
> 'archiveblockencrypted' to 'Alert Encrypted Archives and Documents' in line
> with ClamAVs recent change and deprecation of 'ArchiveBlockEncrypted'.
> 
>  src/PMG/Config.pm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
> index 52dd7d0..2bffec8 100755
> --- a/src/PMG/Config.pm
> +++ b/src/PMG/Config.pm
> @@ -169,7 +169,7 @@ sub properties {
>  	    type => 'string',
>  	},
>  	clamav_heuristic_score => {
> -	    description => "Score for ClamAV heuristics (Google Safe Browsing database, PhishingScanURLs, ...).",
> +	    description => "Score for ClamAV heuristics (Encrypted Archives/Documents, Google Safe Browsing database, PhishingScanURLs, ...).",

OK.

>  	    type => 'integer',
>  	    minimum => 0,
>  	    maximum => 1000,
> @@ -331,7 +331,7 @@ sub properties {
>  	    default => 'database.clamav.net',
>  	},
>  	archiveblockencrypted => {
> -	    description => "Whether to block encrypted archives and documents. Mark encrypted archives and documents as viruses.",
> +	    description => "Whether to mark encrypted archives and documents. Mark encrypted archives and documents as heuristic virus match. Heuristic matches are treated by the Spam Detector as raising the Spam Score.",

IMO, above is still  confusing, with the repeating mark and wording.

Maybe something like:

"Whether to mark encrypted archives and documents heuristic virus match. A match does not necessarily result in an immediate block, it just raises the Spam Score."

?

>  	    type => 'boolean',
>  	    default => 0,
>  	},
>

More information about the pmg-devel mailing list