[Exim] exiscan + kaspersky

Góra strony
Delete this message
Reply to this message
Autor: Dirk Koopman
Data:  
Dla: exim-users
Temat: [Exim] exiscan + kaspersky
I am running exim 4.10 + exiscan 4.10-15

I am passing a msg using:-

exim -d -bm djk@??? < msg >a 2>&1

and getting:-

Data file written for message 17zKGZ-0000C8-00
calling exiscan(); timeout=60
exiscan: starting
exiscan_cleanup(): unlinking
/var/spool/exim/scan/17zKGZ-0000C8-00/17zKGZ-0000C8-00-complete
exiscan_cleanup(): unlinking
/var/spool/exim/scan/17zKGZ-0000C8-00/textfile0 exiscan_cleanup():
unlinking /var/spool/exim/scan/17zKGZ-0000C8-00/textfile1
exiscan_cleanup(): unlinking
/var/spool/exim/scan/17zKGZ-0000C8-00/New_Microsoft_Works_4.0_Sheet_or_
Chart.wks.exe exiscan_cleanup(): unlinking
/var/spool/exim/scan/17zKGZ-0000C8-00/textfile2 exiscan() returned 0
[message processed ok] calling local_scan(); timeout=300
local_scan() returned 0 NULL

when running kavscanner on it says (but not so muddled up):-

tmp/msg archive: Mail /tmp/msg/[From capitaeducation@???][Date Tue,
08 Oct 2002 21:47:59 +0100]/html suspicion:
Exploit.IFrame.FileDownload/tmp/msg/[From capitaeducation@???][Date
Tue, 08 Oct 2002 21:47:59 +0100]/new packed: UPX/tmp/msg/[From
capitaeducation@???] [Date Tue, 08 Oct 2002 21:47:59 +0100]/new
infected: I-Worm.Tanatos File    /tmp/msg/[From
capitaeducation@???] [Date Tue, 08 Oct 2002 21:47:59 +0100]/new
Infected by virus: I-Worm.Tanatos


my exim.conf

#exiscan_condition = ${if or {{eq{$received_protocol}{esmtp}}
#{eq{$received_protocol}{smtp}}} {1}{0} }
exiscan_condition = 1
exiscan_crypt_salt = kb
exiscan_timeout = 60s
exiscan_unpack_mime = true
exiscan_av_condition = 1
exiscan_av_action = reject
exiscan_av_scanner = kavdaemon
exiscan_av_kavdaemon_socket = /opt/AVP/AvpCtl
#exiscan_extension_condition = 1
#exiscan_extension_action = reject
#exiscan_extension_data =
#vbs:vbe:wsf:wsh:js:jse:exe:com:cmd:shs:hta:bat:scr:pif

Any ideas why the I am not successfully talking to a genuinely existing
kavdaemon (lastest version, downloaded today)?

Dirk Koopman