Avast: improve compliance with avast-protocol(5)

[exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 16d276ee8503f11b84997eccb1266c3e41c65436..6353e29fb8f4edb1ddf4ee7df08367992fa6c1a8 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -31895,7 +31895,12 @@ $ socat UNIX:/var/run/avast/scan.sock STDIO:
     PACK
 .endd
 
-Only the first virus detected will be reported.
+A paniclog entry is logged and the message is deferred (except the
+malware condition uses "defer_ok") if the scanner returns a tmpfail
+(e.g. on license issues, or permission problems). If the scanner can't
+scan a file for internal reasons (e.g. decompression bomb), this is
+treated as an infection and malware_name is set to the error message.
+We do this err on the safe side.
 
 
 .vitem &%aveserver%&