Re: [Exim] av_scanner logging virus remove/clean

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MThomas Baumann at <-
MAlan J. Flavell at ->
Delete this message
Reply to this message
Author: Tom Kistner
Date:  
To: Thomas Baumann
CC: exim-users@exim.org
Subject: Re: [Exim] av_scanner logging virus remove/clean
Thomas Baumann wrote:

> I tried to use log_message after every check in acl_check_content,
> but I did not see anything in the log files.

Ah yes, it only works when the outcome of the statement is "deny".
That is a bit unfortunate, anyone else know a way around it?

> How can I rebuild the message if a virus is found to cut the virus
> (or put in a "removed due to malware" attachment).
> fsav can disinfect or delete the malware. so it is great, if the
> cleaned attachment could be sent to the user. if not cleanable
> then it should reject. (als now 550 reject due to malware)

This is not possible with exiscan, since it does not write to exims
spool files, only reads them. Disinfection is mostly useless today.
Almost all malware traffic is worms who do not carry meaningful
attachments. And I would not touch an attachment from an infected user
with a 10ft pole even if it says "disinfected" ...

regards,

/tom





This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] av_scanner logging virus remove/cleanRe: [Exim] exim -bd crashes (Version 4.20, with openldap2 and native bdb)->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)