[Exim] Exiscan ACL patch and clamd: Exim stops forever

Top Page
Delete this message
Reply to this message
Author: Oliver Egginger
Date:  
To: exim-users
CC: clamav-users
Subject: [Exim] Exiscan ACL patch and clamd: Exim stops forever
Hello,

I have installed clamd with Exim 4.22 and the corresponding Exiscan-ACL
patch under NetBSD 1.6.1. My clamd version is clamav-20030829.

I add the following lines to the Exim configuration:

av_scanner = clamd:/tmp/clamd

And an corresponding ACL (acl_smtp_data):

acl_check_data:
deny  message = $found_extension files are not accepted here
      demime = com:vbs:bat:pif:scr


deny  message = Serious MIME defect detected ($demime_reason)
      demime = *
      condition = ${if >{$demime_errorlevel}{2}{1}{0}}


deny message = This message contains malware ($malware_name)
     malware = *
accept


If I try to send a message through the system, the forked exim child
process stops forever. Here are the last log lines from the exim debug
output:

9894 Data file written for message 1A4aOI-0002Za-Uf
9894 using ACL "acl_check_data"
9894 processing "deny"
9894 check demime = com:vbs:bat:pif:scr
9894 deny: condition test failed
9894 processing "deny"
9894 check demime = *
9894 check condition = ${if >{$demime_errorlevel}{2}{1}{0}}
9894                 = 0
9894 deny: condition test failed
9894 processing "deny"
9894 check malware = *


After this line Exim stops forever.

I can stop the daemon via a TERM signal. Also I found the socket which
should be used for the communication between the patched Exim and the
clamd under /tmp/clamd. The startup of clamd left no error messages in
/var/log/clamd.log. I found the expected files in /var/spool/mail/scan.
I see no error message anywhere. So I can't find the reason for this
hang-up. Every suggestion would be highly welcome.

regards
oliver

--
Oliver Egginger <Oliver.Egginger@???>
Fachhochschule Giessen-Friedberg