On (2003/08/22 15:44), Suresh Ramasubramanian wrote:
> One other thing - using the exiscan and clamd ports, and my config is
> much the same as the one you posted. Both possible av_scanner lines I
> tried gave this, when I fed a simple eicar.com file through it -
>
> ><suresh@???>:
> >204.74.68.40 failed after I sent the message.
> >Remote host said: 550-This message contains malware
> >(/var/spool/exim/scan/19q8pP-000Fen-2g/19q8pP-000Fen-2g_scanner_output:
> >550 Empty file.)
Let's see your ACL.
My guess is one of:
1) You're putting something other than $malware_name in the deny message.
2) You're not using demime in the ACL.
3) You've enabled ScanMail in clamav.conf, which I don't do.
My messages look like this (pretty-printed for email):
2003-08-19 15:58:45 19pCcu-000P4g-PO H=sccrmhc13.comcast.net
[204.127.202.64] F=<xxx@???> rejected after DATA:
This message contains malware (W32/Klez-H)
Ciao,
Sheldon.