Re: [Exim] Exim + virus-scanning

Author: Dave Temple
Date:  
To: Mike Weller
CC: exim-users
Subject: Re: [Exim] Exim + virus-scanning
Mmm, this is odd, perhaps there is something I have missed. I just deliberately
sent a copy of SirCam (god knows I have enough examples of it to play with!)
through our virus scanner to two test accounts and amavis caught it and
displayed it as a single caught virus to two recipients. The machine we virus
scan on doesn't have any "real" users (it's just a mail router) so it's mostly
the router rule that runs and hardly ever the director rule. They both use the
same transport in my config though. I have tried it with both the director and
the router however and it does both as a single instance of amavis for two
recipients, and indeed I have even tried it with one local recipient and one
remote and (actually to my surprise) it ran these as a single instance of
amavis rather than two (I was convinced it would need to do it twice as one was
a director and the other a router, but apparently Philip is even smarter than
I thought he was :-)

If you can e-mail me your whole config, together with your Exim version number
I will be happy to have a look at it for you.

Incidentally, when you look at your Exim logs you can usually spot when there are
multiple recipients down one transport instance without having to change your
script. You get lines with <= in them to indicate the sender, and => to
indicate the first recipient per transport, then -> to indicate additional
recipients in the same transport instance. If you get all =>'s then you would
expect multiple transport instances, and if you get one => and lots of ->'s
then you would expect a single instance. (I hope I have that right, it's been a
long while since I did the training course.)

On Aug 7, 10:09pm, Mike Weller wrote:
> Dave,
>
> Thanks for the info. I'm glad to know that it can be done. The only
> difference is that I'm still using the SH-version of amavis (which is
> called scanmails), but that shouldn't matter. I changed the following
> lines in my exim.conf:
>
> (I commented out the old lines):
>
> # batch_max = 32767
> # command = "/usr/sbin/scanmails -f ${sender_address} -d ${local_part}"
> batch_max = 100
> batch = all
> command = "/usr/sbin/scanmails -f ${sender_address} -d ${pipe_addresses}"
>
> I modified scanmails so that it would dump the arguments for testing:
> echo $* > /tmp/scan.$$
>
> I restarted exim 3.16, and e-mailed test3 & test4 in the same mailing, I got
> 2 separate scanmails PIDs, with $pipe_addresses instead of $local_part:
>
> scan.27139
> ::::::::::::::
> -f weller@??? -d test3@???
>
> scan.27225
> ::::::::::::::
> -f weller@??? -d test4@???
>
> So, I still have the problem with it scanning for each e-mail.
> Should $pipe_addresses expand to "test4@??? test3@???"?
>
> I have 2 transports - scanmails_pipe and scanmails_remote. I
> modified both instances just to be on the safe side.
>
> I can send my entire exim.conf if that helps. Thanks again,
>
> -Mike
>
>
> Dave Temple wrote:
> > Quoting Mike Weller <weller@???>:
> > > I currently run exim with amavis to scan for viruses. I also use
> > > mailman, a mailing list program. Here's the problem... whenever
> > > someone sends to a mailing list, it checks for viruses for each
> > > individual mailing list recipient. Even if I don't use mailman and I
> > > directly listed the recipients in a single e-mail, it will behave the
> > > same way. I want it to just check ONCE and then bypass the antivirus
> > > checking. I'm trying to figure out the easiest way to do this. Let
> > > me explain my setup.
> >
>
> ...
> >
> > amavis:
> > driver = pipe
> > batch = all
> > batch_max = 100
> > command = "/usr/sbin/amavis -f ${sender_address} -d ${pipe_addresses}"
> > prefix =
> > suffix =
> > check_string =
> > escape_string =
> > return_output = false
> > return_path_add = false
> > user = amavis
> > group = cc
> > path = "/bin:/sbin:/usr/bin:/usr/sbin"
> > current_directory = "/var/amavis"
> >
> > It does indeed seem to work well, and does appear to scan messages once for up
> > to 100 recipients (if the message was a single message to start with). I just
> > picked the 100 figure out of the air because nobody could tell me how many
> > command line arguments my Linux system would be likely to accept (anyone know?).
> >
> > Some old mailing list software already splits messages into multiple sends
> > though. We don't use mailman, but I suspect it isn't one of those as it's pretty
> > up to date.
> >
> > ---
> >
> > Dave Temple, Head of Network Services
> > Loughborough University Computing Services
> >
> >
>
>
> --
> Michael J. Weller, M.Sc.               office: (972) 235-7881 x.242
> weller@???                         cell: (214) 616-6340
> Zyvex Corp., 1321 N Plano           facsimile: (972) 235-7882
> Richardson, TX 75081                      icq: 6180540

>
>-- End of excerpt from Mike Weller
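
Added example, not part of the original message or of Exim itself: a small Python check that applies the `<=` / `=>` / `->` log reading described above to count how many scanner transport instances ran per message. The log lines, message IDs, addresses and the director name `scan_director` are constructed for illustration; the transport names `amavis` and `scanmails_pipe` are taken from the thread, and the code assumes each `->` line follows the `=>` line of the same delivery.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of an Exim main log (not from the thread).
SAMPLE_LOG = """\
2001-08-07 22:09:01 15UAbc-0001Xy-00 <= sender@example.org H=host.example.org [192.0.2.1] P=esmtp S=1420
2001-08-07 22:09:03 15UAbc-0001Xy-00 => test3@example.com D=scan_director T=amavis
2001-08-07 22:09:03 15UAbc-0001Xy-00 -> test4@example.com D=scan_director T=amavis
2001-08-07 22:09:03 15UAbc-0001Xy-00 Completed
2001-08-07 22:15:40 15UAdf-0001Zq-00 <= sender@example.org H=host.example.org [192.0.2.1] P=esmtp S=1420
2001-08-07 22:15:41 15UAdf-0001Zq-00 => test3@example.com D=scan_director T=scanmails_pipe
2001-08-07 22:15:42 15UAdf-0001Zq-00 => test4@example.com D=scan_director T=scanmails_pipe
2001-08-07 22:15:42 15UAdf-0001Zq-00 Completed
"""

# date, time, message id, delivery flag, address, remaining fields
LINE_RE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|->) (?P<addr>\S+)(?P<rest>.*)$")
TRANSPORT_RE = re.compile(r"\bT=(\S+)")


def transport_instances(log_text):
    """Return {message_id: [(transport, [recipients]), ...]}, one tuple per instance."""
    result = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["flag"] == "<=":      # skip arrivals and non-delivery lines
            continue
        t = TRANSPORT_RE.search(m["rest"])
        transport = t.group(1) if t else "?"
        runs = result[m["id"]]
        if m["flag"] == "=>" or not runs:   # "=>" opens a new transport instance
            runs.append((transport, [m["addr"]]))
        else:                               # "->" rides along with the previous "=>"
            runs[-1][1].append(m["addr"])
    return dict(result)


def scans_per_message(log_text, scanner_transports):
    """Count how many times each message went through a scanner transport."""
    return {
        mid: sum(1 for transport, _ in runs if transport in scanner_transports)
        for mid, runs in transport_instances(log_text).items()
    }


if __name__ == "__main__":
    for mid, n in scans_per_message(SAMPLE_LOG, {"amavis", "scanmails_pipe"}).items():
        print(mid, "scanned", n, "time(s)", "(batched)" if n == 1 else "(NOT batched)")
```

A count above 1 for a single message means the scanner command was started once per recipient, which is the symptom reported in the quoted message.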