RE: [Exim] Anti Virus cmdline call

Top Page
Delete this message
Reply to this message
Author: Rick Cooper
Date:  
To: tlabs, exim-users
Subject: RE: [Exim] Anti Virus cmdline call

> -----Original Message-----
> From: exim-users-admin@??? [mailto:exim-users-admin@exim.org]On
> Behalf Of tlabs
> Sent: Saturday, September 06, 2003 9:34 AM
> To: exim-users@???
> Subject: Re: [Exim] Anti Virus cmdline call
>
>
> Ok, I have been through everything I can possibly think of here
> with sophos sweep and exim but it just wasnt picking
> the test virus up whasoever.
>
> This was very worrying.
>
> I decided to check out CLAMAV. I installed it and configured exim
> and an ACL and it worked first time.
> This solves my immediate problem of viruses coming in through
> mail but it leaves the issue of what was wrong with
> sophos. I replicated someone elses setup exactly for sophos after
> sending the list the first mail (thanks for that) but
> it just failed to work at all.
>
> This was quite alarming so I guess the next step is to set up a
> test box and find out why ...
>

<snip>
> > acl_smtp_data = check_message
> > av_scanner = cmdline:\
> >               /usr/local/bin/sweep -all -rec -archive %s:\
> >               found:'(.+)'

> >


I believe the problem is at found:1(.+)'

try found\::'(.+)'

and that assumes that the actual string isn't "found: 'something'" with a
space between "found:" and "'something'". You may want to download an eicar
file and run sweep against it to verify exactly what is output, in either
way you have to have the "\::" part written correctly.

Rick