[Exim] Exim-4.12+Exiscan-4.12-25 don't reject viruses - part…

Author: Stanczak Slawomir
Date:  
To: exim-users
CC: exiscanusers
Subject: [Exim] Exim-4.12+Exiscan-4.12-25 don't reject viruses - part 2
Hello,

I have a big problem with the new version, Exim-4.12+Exiscan-4.12-25+Sophos.

When I use the old version, Exim-4.10+Exiscan-4.10-17+Sophos, everything works OK.
Messages with viruses are rejected.

The new version, Exim-4.12+Exiscan-4.12-25+Sophos, doesn't work correctly.
A message with a virus is delivered.

Example:
--------
[...]
15:39:15  1043 Data file written for message 18pr63-0000Gp-00
15:39:15  1043 calling exiscan(); timeout=900
15:39:15  1043 exiscan: starting
15:39:15  1043 exiscan: expanding exiscan_condition: "1"
15:39:15  1043 exiscan: true exiscan_condition (expanded: "1")
15:39:15  1043 exiscan: expanding exiscan_av_condition: "1"
15:39:15  1043 exiscan: true exiscan_av_condition (expanded: "1")
15:39:15  1043 exiscan: using command line scanner. Path: /usr/local/bin/sweep, Options: -all -archive -ss |
15:39:15  1043 exiscan: calling scanner as '/usr/local/bin/sweep -all -archive -ss /var/spool/exim/scan/18pr63-0000Gp-00'
15:39:28  1043 exiscan: scanning output file for virus match
15:39:28  1043 exiscan: output file contents follow
15:39:28  1043 exiscan: --------------------------------------------------------------
15:39:28  1043 exiscan:
15:39:28  1043 exiscan: --------------------------------------------------------------
15:39:28  1043 ---0 Get 758808    40         exim.c   32
15:39:28  1043 exiscan: unlinking /var/spool/exim/scan/18pr63-0000Gp-00/18pr63-0000Gp-00-complete
15:39:28  1043 ---0 Get 758848    16       header.c   44
15:39:28  1043 ---0 Get 758864    96       string.c  344
15:39:28  1043 LOG: MAIN
15:39:28  1043   exiscan: [message processed ok]
************************************************ ?????
15:39:28  1043 LOG: MAIN
15:39:28  1043   exiscan: Host=yyy.szczecin.pl [xxx.xxx.xxx.xxx] Sender='xxx@???' Recipients[1]=[zzz@???] Subject='333'
15:39:28  1043 exiscan() returned 0 [message processed ok]
15:39:28  1043 ---0 Get 758960    24       string.c  408
15:39:28  1043 calling local_scan(); timeout=300
15:39:28  1043 local_scan() returned 0 NULL
15:39:28  1043 Writing spool header file
15:39:28  1043 Size of headers = 757
15:39:28  1043 ---0 Get 758984   256      receive.c 2695
15:39:28  1043 ---0 Get 759240    72        parse.c  565
15:39:28  1043 LOG: MAIN
15:39:28  1043   <= xxx@??? H=yyy.szczecin.pl [212.14.5.153] U=mail P=esmtp S=40720 id=Pine.LNX.4.21.0303031509050.28742-101000@yyy..szczecin.pl
15:39:28  1043 ---0 Rst 758984    **      receive.c 2793 16400
15:39:28  1043 SMTP>> 250 OK id=18pr63-0000Gp-00
----


When I run the command by hand, Sophos detects the virus:
---------------------------------------------------------
uuu:/home/new# /usr/local/bin/sweep -all -archive -ss /home/new/Setup.doc
>>> Virus 'W32/Badtrans-B' found in file /home/new/Setup.doc


My exiscan section in the exim.conf file:

######################################################################
#                       EXISCAN CONFIGURATION                        #
######################################################################


exiscan_condition = 1
exiscan_crypt_salt = fo
exiscan_av_condition = 1
exiscan_av_action = blackhole
exiscan_av_scanner = cmdline
exiscan_av_scanner_path = /usr/local/bin/sweep
exiscan_av_scanner_options = -all -archive -ss |
exiscan_av_scanner_regexp_trigger = found in
exiscan_av_scanner_regexp_description = '(.*)'

Apart from the new Exim version, I didn't change any other settings.

Any ideas?

Why doesn't the new version work correctly?

Thanks for your help.

Slawek
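
Added example (not part of the original message, and not Exim or exiscan code): a small Python check that applies the two regexps from the configuration above to the scanner output exiscan logged and to the output of the manual run. It assumes exiscan searches the scanner output with these regexps; the log excerpt is copied from the post with wrapped lines rejoined, and the function names are hypothetical.

```python
import re

# Regexps from the exiscan section of the post.
TRIGGER = re.compile(r"found in")      # exiscan_av_scanner_regexp_trigger
DESCRIPTION = re.compile(r"'(.*)'")    # exiscan_av_scanner_regexp_description

# Debug-log lines copied from the post, wrapped lines rejoined.
DEBUG_LOG = """\
15:39:28  1043 exiscan: scanning output file for virus match
15:39:28  1043 exiscan: output file contents follow
15:39:28  1043 exiscan: --------------------------------------------------------------
15:39:28  1043 exiscan:
15:39:28  1043 exiscan: --------------------------------------------------------------
15:39:28  1043 exiscan: unlinking /var/spool/exim/scan/18pr63-0000Gp-00/18pr63-0000Gp-00-complete
"""
# Scanner output from the manual run in the post.
MANUAL_OUTPUT = ">>> Virus 'W32/Badtrans-B' found in file /home/new/Setup.doc\n"

PREFIX = re.compile(r"^\d\d:\d\d:\d\d\s+\d+\s+exiscan:\s?(.*)$")
RULE = re.compile(r"^-{10,}$")

def captured_scanner_output(debug_log):
    """Return the scanner output exiscan logged between the two dashed rules."""
    inside, lines = False, []
    for raw in debug_log.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue                   # not an exiscan debug line
        text = m.group(1).strip()
        if RULE.match(text):
            if inside:
                break                  # closing rule: end of the dump
            inside = True
        elif inside and text:
            lines.append(text)
    return "\n".join(lines)

def verdict(scanner_output):
    """Virus name if the trigger regexp matches, else None (message accepted)."""
    if not TRIGGER.search(scanner_output):
        return None
    m = DESCRIPTION.search(scanner_output)
    return m.group(1) if m else "unknown"

if __name__ == "__main__":
    logged = captured_scanner_output(DEBUG_LOG)
    print("logged scanner output:", repr(logged), "->", verdict(logged))
    print("manual scanner output ->", verdict(MANUAL_OUTPUT))
```

The regexps match the manual output, while the output file exiscan logged is empty, so the trigger has nothing to match and the message is treated as clean.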