Hi Sheldon, on Mon, 3 Nov 2003 10:58:14 +0200 you wrote:
> My exim-4.24 w/ exiscan-acl patch 13 and clamav-0.60 installation is
> letting the Worm.Mimail.C virus through.
> When I scan the file manually, I get:
>
> # clamscan /tmp/photos.zip
> /tmp/photos.zip: File size limit exceeded.
> /tmp/photos.zip: Worm.Mimail.C FOUND
> ...

Hmm, you're right. Using clamd, this is what Exiscan is actually getting
back:

$ telnet localhost 3310
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SCAN /tmp/photos.zip
/tmp/photos.zip: File size limit exceeded. ERROR

> I suspect that exiscan-acl needs to learn to ignore the "File size limit
> exceeded" message.
The strange thing is that regardless of what the message says, Exiscan
should be detecting the trailing " ERROR" from the clamd socket as an
error and doing a tempreject. Or is Exiscan treating ERRORs as "ok"
instead of "tempreject" these days? This is with rev 12, by the way.
> I've no idea why the message is issued in the first place
I would guess it's due to the file corruption you pointed out.
Tim
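
Added example, not part of the original message and not exiscan's own code: a fail-closed classifier for clamd SCAN replies that maps a trailing " ERROR" to a tempreject, as the message above expects. The function and verdict names are hypothetical, and it assumes clamd ends each reply line with " OK", " FOUND" or " ERROR".

```c
#include <stdio.h>
#include <string.h>

enum verdict { V_ACCEPT, V_REJECT, V_TEMPREJECT };

/* 1 if the first len bytes of line end with suffix. */
static int ends_with(const char *line, size_t len, const char *suffix)
{
    size_t n = strlen(suffix);
    return len >= n && memcmp(line + len - n, suffix, n) == 0;
}

/* Classify a clamd reply of one or more '\n'-separated lines. Any FOUND line
 * rejects; only all-OK accepts; ERROR, unknown or empty replies defer. */
enum verdict classify_clamd_reply(const char *reply)
{
    int saw_ok = 0, saw_other = 0;
    const char *p = reply;
    while (*p) {
        size_t len = strcspn(p, "\n");
        const char *next = p + len + (p[len] == '\n');
        while (len && (p[len - 1] == '\r' || p[len - 1] == ' '))
            len--;                        /* trim CR and trailing blanks */
        if (len) {
            if (ends_with(p, len, " FOUND"))
                return V_REJECT;
            if (ends_with(p, len, ": OK"))
                saw_ok = 1;
            else
                saw_other = 1;            /* " ERROR" or unrecognised */
        }
        p = next;
    }
    return (saw_ok && !saw_other) ? V_ACCEPT : V_TEMPREJECT;
}

int main(void)
{
    static const char *names[] = { "accept", "reject", "tempreject" };
    /* First reply is the one quoted in the thread; the others are constructed. */
    const char *samples[] = {
        "/tmp/photos.zip: File size limit exceeded. ERROR\n",
        "/tmp/photos.zip: Worm.Mimail.C FOUND\n",
        "/tmp/clean.txt: OK\n",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s <- %s\n", names[classify_clamd_reply(samples[i])], samples[i]);
    return 0;
}
```

Treating anything that is not an explicit OK as a deferral means a scanner error such as the size-limit message delays the mail instead of delivering it unscanned.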