Re: [Exim] Exim and W32/Klez.eml virus

Author: Asbjørn Høiland Aarrestad
Date:  
To: ganbold
CC: exim-users
Subject: Re: [Exim] Exim and W32/Klez.eml virus
Looks like you've forgotten to specify the "grep-condition" to be able to
see if a mail is infected or not. See exiscan docs for more info.

Asbjørn

> Hi
>
> I'm having a problem with exiscan when checking the Klez macro virus. It says
> "2003-02-26 11:36:46 18nsMU-0006xv-00 exiscan: warning: error parsing
> returned output".
>
> Exiscan config in Exim config.
> ----------------------------------------------------------------------------------------------------------------
>
> # Exiscan options
> exiscan_condition = ${if or {{eq{$received_protocol}{esmtp}} \
> {eq{$received_protocol}{asmtp}} \
> {eq{$received_protocol}{smtp}}} \
> {1}{0} }
> exiscan_timeout = 5m
> exiscan_crypt_salt = fo
> exiscan_av_condition = 1
> exiscan_av_scanner = cmdline
> exiscan_av_scanner_path = /usr/local/uvscan/uvscan
> exiscan_av_scanner_options = --secure -rv --summary --noboot |
> exiscan_av_action = reject
> exiscan_av_scanner_regexp_trigger = Found
> exiscan_av_scanner_regexp_description = Found[: ] (.+)$
>
>
> Following is part of the log file.
> ********************************************************************************************************
>
> 2003-02-26 11:36:46 18nsMU-0006xv-00 exiscan: warning: error parsing
> returned output
> Scanning /var/spool/exim/scan/18nsMU-0006xv-00/*
> Scanning file
> /var/spool/exim/scan/18nsMU-0006xv-00/18nsMU-0006xv-00-complete
> /var/spool/exim/scan/18nsMU-0006xv-00/18nsMU-0006xv-00-complete
>          Found the W32/Klez.eml virus !!!
>
> Summary report on /var/spool/exim/scan/18nsMU-0006xv-00/*
> File(s)
>          Total files: ...........       1
>          Clean: .................       0
>          Possibly Infected: .....       1
> Thank you for choosing to evaluate VirusScan from Network Associates.
> This  version of the software is for Evaluation Purposes Only and may be
> used  for  up to 30 days to determine if it meets your requirements.  To
> license  the  software,  or to  obtain  assistance during the evaluation
> process,  please call (408) 988-3832.  If you  choose not to license the
> software,  you  need  to remove it from your system.  All  use  of  this
> software is conditioned upon compliance with the license terms set forth
> in the README.TXT file.
>
> 2003-02-26 11:36:46 18nsMU-0006xv-00 temporarily rejected by exiscan():
> Temporary local problem (error parsing returned output)
>



--
--------------------------------------------------
Asbjørn Høiland Aarrestad    asbjorn@???
http://asbjorn.aarrestad.com/
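
An offline check of the two regexps from the quoted config against the quoted uvscan output, added here as an example and not code from the thread or from exiscan: the trigger matches the "Found" line, but the description pattern captures nothing from it. Line-by-line matching and the `CANDIDATE` pattern are assumptions of this example.

```python
import re

# Patterns copied from the quoted exiscan config.
TRIGGER = r"Found"
DESCRIPTION = r"Found[: ] (.+)$"
# Hypothetical alternative (not from the thread) that also accepts
# the "Found the <name> virus !!!" wording.
CANDIDATE = r"Found(?::| the) (.+?)(?: virus)?[ !]*$"

# uvscan output as quoted in the post (quote markers stripped, abridged).
UVSCAN_OUTPUT = """\
Scanning /var/spool/exim/scan/18nsMU-0006xv-00/*
Scanning file
/var/spool/exim/scan/18nsMU-0006xv-00/18nsMU-0006xv-00-complete
/var/spool/exim/scan/18nsMU-0006xv-00/18nsMU-0006xv-00-complete
         Found the W32/Klez.eml virus !!!

Summary report on /var/spool/exim/scan/18nsMU-0006xv-00/*
File(s)
         Total files: ...........       1
         Clean: .................       0
         Possibly Infected: .....       1
"""

def evaluate(output, trigger, description):
    """Return (triggered, names): whether any line matches the trigger,
    and the group-1 captures of the description pattern on those lines."""
    triggered, names = False, []
    for line in output.splitlines():
        if not re.search(trigger, line):
            continue
        triggered = True
        m = re.search(description, line)
        if m:
            names.append(m.group(1))
    return triggered, names

if __name__ == "__main__":
    for label, pat in (("config", DESCRIPTION), ("candidate", CANDIDATE)):
        triggered, names = evaluate(UVSCAN_OUTPUT, TRIGGER, pat)
        state = "ok" if names or not triggered else "triggered, no description captured"
        print(f"{label:9} {pat!r}: triggered={triggered} names={names} -> {state}")
```

Running candidate patterns against saved scanner output like this, before putting them in the mail path, shows a trigger/description mismatch without having to send a test message.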