Hi,
I'm just running into the following problem while trying to set up my
exim 4.12 and exiscan 4.12-21 with uvscan.
I'm trying to send out mails when an infected e-mail is found, via a system
filter.
I don't know exactly if I configured the system filter commands (everything
in exim.conf) correctly, so help is greatly appreciated.
BTW, can I use "exiscan_av_action = redirect virusalert@$domain" in the
exiscan config?
Is the $domain variable available there?
BTW2: The host I'm just configuring is mail2.vit.de (MX backup).
Note in the transports the mail.vit.de (primary MX, exim 3.36).
===============================
exim.conf
===============================
system_filter = /etc/exim/filter
system_filter_directory_transport = transport_save_virusmails
system_filter_file_transport = transport_save_virusmails
system_filter_reply_transport = transport_virenmails
# ExiScan configuration:
exiscan_condition = 1
exiscan_crypt_salt = rz
exiscan_timeout = 5m
exiscan_unpack_mime = true
exiscan_av_condition = 1
exiscan_av_action = redirect virusalert@$domain
exiscan_av_scanner = cmdline
exiscan_av_scanner_path = /opt/uvscan/uvscan
exiscan_av_scanner_options = --allole --secure --noboot -rv |
exiscan_av_scanner_regexp_trigger = Found
exiscan_av_scanner_regexp_description = (Found.*)
----------
transport_save_virusmails:
  driver = appendfile
  file = /var/spool/exim/virusmails/$message_id
  delivery_date_add
  envelope_to_add
  return_path_add

transport_virenmails:
  driver = smtp
  hosts = mail.vit.de
===============================
===============================
filter
===============================
mail2:/etc/exim # less filter
# Exim filter
# exim virus scanning with mcafee uvscan
if "${if def:h_x-infected:{1}{0}}" is "1" then
  mail to $reply_address:
       from "postmaster@???"
       subject "you sent out a mail with a virus... test test test test test...."
       text "virus alarm.... test test test test test"
  save /var/spool/exim/virusmails/$message_id
  finish
endif
===============================
===============================
Now the log:
===============================
Feb 4 08:53:48 mail2 exim[24353]: 2003-02-04 08:53:48 18fxts-0006Kn-00
exiscan: malicious content found (Found: EICAR test file NOT a virus.)
Host=mjakscht.vit.de [172.16.1.73] Sender='michi@???'
Recipients[1]=[jakscht@???] Subject='test 13'
Feb 4 08:53:48 mail2 exim[24353]: 2003-02-04 08:53:48 18fxts-0006Kn-00
exiscan: redirecting to virusalert@$domain.
Feb 4 08:53:48 mail2 exim[24353]: 2003-02-04 08:53:48 18fxts-0006Kn-00 <=
michi@??? H=mjakscht.vit.de (mjakscht) [172.16.1.73] P=smtp S=1630
id=000801c2cc22$5dce49f0$490110ac@mjakscht
Feb 4 08:53:48 mail2 exim[24355]: 2003-02-04 08:53:48 18fxts-0006Kn-00
original recipients ignored (system filter)
Feb 4 08:53:48 mail2 exim[24355]: 2003-02-04 08:53:48 18fxts-0006Kn-00 **
>"Michi" <michi@???>: <system-filter> T=transport_virenmails: SMTP error
from remote mailer after RCPT TO:<>"Michi" <michi@???>:>: host
mail.vit.de [213.69.199.241]: 501 <>"Michi" <michi@???>:>: missing or
malformed local part
Feb 4 08:53:48 mail2 exim[24355]: 2003-02-04 08:53:48 18fxts-0006Kn-00 =>
/var/spool/exim/virusmails/18fxts-0006Kn-00 <system-filter>
T=transport_save_virusmails
Feb 4 08:53:48 mail2 exim[24358]: 2003-02-04 08:53:48 18fxts-0006Ks-00 <=
<> R=18fxts-0006Kn-00 U=exim P=local S=2642
Feb 4 08:53:48 mail2 exim[24355]: 2003-02-04 08:53:48 18fxts-0006Kn-00
Completed
Feb 4 08:53:49 mail2 exim[24360]: 2003-02-04 08:53:49 18fxts-0006Ks-00 =>
root@??? <postmaster@???> R=smtp_router_rzvmail
T=smtp_transport_von_extern_nach_rzv H=rzvmail.vit.de [213.69.199.243]
Feb 4 08:53:49 mail2 exim[24360]: 2003-02-04 08:53:49 18fxts-0006Ks-00 =>
mnowak@??? <postmaster@???> R=smtp_router_rzvmail
T=smtp_transport_von_extern_nach_rzv H=rzvmail.vit.de [213.69.199.243]
Feb 4 08:53:49 mail2 exim[24360]: 2003-02-04 08:53:49 18fxts-0006Ks-00 =>
kotlarov@??? <postmaster@???> R=smtp_router_rzvmail
T=smtp_transport_von_extern_nach_rzv H=rzvmail.vit.de [213.69.199.243]
Feb 4 08:53:49 mail2 exim[24360]: 2003-02-04 08:53:49 18fxts-0006Ks-00 =>
jstruckh@??? <postmaster@???> R=smtp_router_rzvmail
T=smtp_transport_von_extern_nach_rzv H=rzvmail.vit.de [213.69.199.243]
Feb 4 08:53:49 mail2 exim[24360]: 2003-02-04 08:53:49 18fxts-0006Ks-00 =>
jakscht@??? <michi@???> R=smtp_router_rzvmail
T=smtp_transport_von_extern_nach_rzv H=rzvmail.vit.de [213.69.199.243]
Feb 4 08:53:49 mail2 exim[24360]: 2003-02-04 08:53:49 18fxts-0006Ks-00
Completed
===============================
Thanks for taking the time to read this,
Michael