On Mon, Jun 30, 2003 at 06:24:48PM +0200, Stanczak Slawomir wrote:
> Hello,
>
> I'am testing Exim-4.20+Exiscan-acl-4.20-09+Sophos under Solaris 9/Sparc.
> It works perfectly. :)
>
> I have one question. When Exim found virus, sends back complete message
> to sender (with virus). This is bad idea. Outlook Express send message
> with virus to all from address book. It makes loop. What can I do, that
> sender got only information about virus ?
>
> My exim.conf:
>
> acl_smtp_data = acl_check_content
> [...]
> av_scanner = cmdline:/usr/local/bin/sweep -all -rec -archive %s:found:'(.+)'
> [...]
Firstly you want to use Sophie rather than the command line. It is an
order of magnitude more efficient.
Secondly your setup should be rejecting at SMTP time, not bouncing so
any clients which connect directly to this MTA will not get the
entire message sent back, instead the client will report an error with
the connect ("550: malware found (W32/Klez)" or whatever.)
What may be occuring is that Outlook is talking to another MTA which isn't
doing any scanning, this message is then passed to your MTA, which then
rejects the message and the intermediate MTA bounces the message back.
If this is the case then there is nothing you can do with the above
config to prevent it. It is the intermediate MTA which need work
doing to it.
I can't see why you would get a loop either unless Outlook is set
to automatically reply to any incoming messages - which in itself
is a bad idea.
Mike
--
-----Plain text only please - attachments stripped on arrival.------
Copyright 2003 Mike Richardson, Room G98, Manchester Computing
University of Manchester, M13 9PL doctor@??? Int: 56009
Left through main doors. Right then left at end of corridor.
First door on left. URL http://kira.mcc.ac.uk/ Ext: 0161 275 6009
--------------------------------------------------------------------
"If I want your opinion, I'll **** it out of you!" - Chuck Norris
"If anything happens to my daughter I have a ** and ******" Clueless