Hello,
I have a big problem with the new version, Exim-4.12+Exiscan-4.12-25+Sophos.
When I use the old version, Exim-4.10+Exiscan-4.10-17+Sophos, everything works OK.
Messages with viruses are rejected.
The new version, Exim-4.12+Exiscan-4.12-25+Sophos, doesn't work correctly.
A message with a virus is delivered.
Example:
--------
[...]
15:39:15 1043 Data file written for message 18pr63-0000Gp-00
15:39:15 1043 calling exiscan(); timeout=900
15:39:15 1043 exiscan: starting
15:39:15 1043 exiscan: expanding exiscan_condition: "1"
15:39:15 1043 exiscan: true exiscan_condition (expanded: "1")
15:39:15 1043 exiscan: expanding exiscan_av_condition: "1"
15:39:15 1043 exiscan: true exiscan_av_condition (expanded: "1")
15:39:15 1043 exiscan: using command line scanner. Path:
/usr/local/bin/sweep, Options: -all -archive -ss |
15:39:15 1043 exiscan: calling scanner as '/usr/local/bin/sweep -all
-archive -ss /var/spool/exim/scan/18pr63-0000Gp-00'
15:39:28 1043 exiscan: scanning output file for virus match
15:39:28 1043 exiscan: output file contents follow
15:39:28 1043 exiscan:
--------------------------------------------------------------
15:39:28 1043 exiscan:
15:39:28 1043 exiscan:
--------------------------------------------------------------
15:39:28 1043 ---0 Get 758808 40 exim.c 32
15:39:28 1043 exiscan: unlinking
/var/spool/exim/scan/18pr63-0000Gp-00/18pr63-0000Gp-00-complete
15:39:28 1043 ---0 Get 758848 16 header.c 44
15:39:28 1043 ---0 Get 758864 96 string.c 344
15:39:28 1043 LOG: MAIN
15:39:28 1043 exiscan: [message processed ok]
************************************************ ?????
15:39:28 1043 LOG: MAIN
15:39:28 1043 exiscan: Host=yyy.szczecin.pl [xxx.xxx.xxx.xxx]
Sender='xxx@???' Recipients[1]=[zzz@???]
Subject='333'
15:39:28 1043 exiscan() returned 0 [message processed ok]
15:39:28 1043 ---0 Get 758960 24 string.c 408
15:39:28 1043 calling local_scan(); timeout=300
15:39:28 1043 local_scan() returned 0 NULL
15:39:28 1043 Writing spool header file
15:39:28 1043 Size of headers = 757
15:39:28 1043 ---0 Get 758984 256 receive.c 2695
15:39:28 1043 ---0 Get 759240 72 parse.c 565
15:39:28 1043 LOG: MAIN
15:39:28 1043 <= xxx@??? H=yyy.szczecin.pl
[212.14.5.153] U=mail P=esmtp S=40720
id=Pine.LNX.4.21.0303031509050.28742-101000@yyy..szczecin.pl
15:39:28 1043 ---0 Rst 758984 ** receive.c 2793 16400
15:39:28 1043 SMTP>> 250 OK id=18pr63-0000Gp-00
----
When I run the command by hand, Sophos detects the virus:
------------------------------------------------------
uuu:/home/new# /usr/local/bin/sweep -all -archive -ss /home/new/Setup.doc
>>> Virus 'W32/Badtrans-B' found in file /home/new/Setup.doc
My exiscan section in the exim.conf file:
######################################################################
# EXISCAN CONFIGURATION #
######################################################################
exiscan_condition = 1
exiscan_crypt_salt = fo
exiscan_av_condition = 1
exiscan_av_action = blackhole
exiscan_av_scanner = cmdline
exiscan_av_scanner_path = /usr/local/bin/sweep
exiscan_av_scanner_options = -all -archive -ss |
exiscan_av_scanner_regexp_trigger = found in
exiscan_av_scanner_regexp_description = '(.*)'
Apart from the new Exim version, I didn't change any other settings.
Any ideas?
Why doesn't the new version work correctly?
Thanks for your help.
Slawek