Re: [Exim] Exiscan and uvscan from NAI.

Top Page
Delete this message
Reply to this message
Author: Rene Küttner
Date:  
To: Danny.Carroll
CC: exim-users
Subject: Re: [Exim] Exiscan and uvscan from NAI.
--
On Thu, Jan 23, 2003 at 02:43:12PM +0100, Danny.Carroll@??? wrote:
> Hello... I was wondering if anyone used uvscan?
> I am not able to get the virus name properly.
>
> My configure settings are:
>
> ##Antivirus facility (AV) options:
> exiscan_av_condition = 1
> exiscan_av_action = redirect messages@??? <mailto:messages@dannysplace.net>
> exiscan_av_scanner = cmdline
> exiscan_av_scanner_path = /usr/local/bin/uvscan
> exiscan_av_scanner_options = --secure -rv --summary --noboot |
> exiscan_av_scanner_regexp_trigger = ound
> #exiscan_av_scanner_regexp_description = Found[: ] (.+)$
> exiscan_av_scanner_regexp_description = Found (.+)$
> #exiscan_av_sophie_socket
> #exiscan_av_kavdaemon_socket
> #exiscan_av_openav_host
> #exiscan_av_openav_port
> #exiscan_av_clamav_host
> #exiscan_av_clamav_port
> #exiscan_av_buffer_init_chunk = 16384
> #exiscan_av_buffer_max_chunks = 5
>


try this one:

exiscan_av_scanner = cmdline
exiscan_av_scanner_path = /usr/local/uvscan/uvscan
exiscan_av_scanner_options = --noboot --unzip -r |
exiscan_av_scanner_regexp_description = Found[: ]
exiscan_av_scanner_regexp_trigger = Found[: ]{1,2}(.*)[\.\!]

regards

>
> Messages with an eicar attachment have the following headers:
>
> X-Infected: exiscan_spool()
> X-Scanner: exiscan for exim4 (<http://duncanthrax.net/exiscan/)> *18bhXt-0002GF-00*yw49ZK5sO9.*
>
> I've not been able to test with other virii since I do not have any...
>
> -D
> -----------------------------------------------------------------
> ATTENTION:
> The information in this electronic mail message is private and
> confidential, and only intended for the addressee. Should you
> receive this message by mistake, you are hereby notified that
> any disclosure, reproduction, distribution or use of this
> message is strictly prohibited. Please inform the sender by
> reply transmission and delete the message without copying or
> opening it.
>
> Messages and attachments are scanned for all viruses known.
> If this message contains password-protected attachments, the
> files have NOT been scanned for viruses by the ING mail domain.
> Always scan attachments before opening them.
> -----------------------------------------------------------------
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>


--

René Küttner                     NetKom GmbH, Administration
rkuettner@???      Gewerbepark Mockritz, 04720 Döbeln


PGP Fingerprint: 548C C10B C40E 3AE4 B030 61B9 35F3 B801 8DF6 41AD
PGP Public-Key: http://in-doebeln.de/~rene/pubkey.asc

--
[ Content of type application/pgp-signature deleted ]
--