Author: Tom Kistner Date: To: Thomas Baumann CC: exim-users@exim.org Subject: Re: [Exim] av_scanner logging virus remove/clean
Thomas Baumann wrote:
> I tried to use log_message after every check in acl_check_content,
> but I did not see anything in the log files.
Ah yes, it only works when the outcome of the statement is "deny".
That is a bit unfortunate, anyone else know a way around it?
> How can I rebuild the message if a virus is found to cut the virus
> (or put in a "removed due to malware" attachment).
> fsav can disinfect or delete the malware. so it is great, if the
> cleaned attachment could be sent to the user. if not cleanable
> then it should reject. (als now 550 reject due to malware)
This is not possible with exiscan, since it does not write to exims
spool files, only reads them. Disinfection is mostly useless today.
Almost all malware traffic is worms who do not carry meaningful
attachments. And I would not touch an attachment from an infected user
with a 10ft pole even if it says "disinfected" ...