Re: [Exim] ClamAV + exiscan missing virus

Author: Tim Jackson
Date:  
To: exim-users
CC: exiscanusers
Subject: Re: [Exim] ClamAV + exiscan missing virus
Hi Sheldon, on Mon, 3 Nov 2003 10:58:14 +0200 you wrote:

> My exim-4.24 w/ exiscan-acl patch 13 and clamav-0.60 installation is
> letting the Worm.Mimail.C virus through.
> When I scan the file manually, I get:
>
>     # clamscan /tmp/photos.zip
>     /tmp/photos.zip: File size limit exceeded.
>     /tmp/photos.zip: Worm.Mimail.C FOUND
>     ...


Hmm, you're right. Using clamd, this is what Exiscan is actually getting
back:

$ telnet localhost 3310
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SCAN /tmp/photos.zip
/tmp/photos.zip: File size limit exceeded. ERROR

> I suspect that exiscan-acl needs to learn to ignore the "File size limit
> exceeded" message.


The strange thing is that regardless of what the message says, Exiscan
should be detecting the trailing " ERROR" from the clamd socket as an
error and doing a tempreject. Or is Exiscan treating ERRORs as "ok"
instead of "tempreject" these days? This is with rev 12, by the way.

> I've no idea why the message is issued in the first place


I would guess it's due to the file corruption you pointed out.


Tim
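
The reply handling discussed in the message above, as an added example that is not part of the original post and is not Exiscan's own code: a fail-closed classifier for one clamd SCAN reply line, where only an explicit clean or infected result is trusted and everything else (including the " ERROR" reply shown in the telnet session) becomes a temporary failure. The enum, the function names and the sample lines are hypothetical or constructed; the "OK" and "FOUND" suffixes are assumed from clamd's reply format.

```c
#include <stdio.h>
#include <string.h>

/* Verdicts a content-scanning hook could act on (hypothetical names). */
enum verdict { V_ACCEPT, V_REJECT, V_TEMPFAIL };

/* Return 1 if the first len bytes of s end with suffix. */
static int ends_with(const char *s, size_t len, const char *suffix)
{
    size_t n = strlen(suffix);
    return len >= n && memcmp(s + len - n, suffix, n) == 0;
}

/* Classify one clamd SCAN reply. Anything that is not an explicit
 * "OK" or "FOUND" is a temporary failure, so a scanner error can
 * never be read as "clean". */
enum verdict classify_clamd_reply(const char *reply)
{
    size_t len;

    if (reply == NULL)
        return V_TEMPFAIL;
    len = strlen(reply);
    /* Strip trailing CR/LF/space left over from the socket read. */
    while (len > 0 && strchr("\r\n ", reply[len - 1]) != NULL)
        len--;
    if (ends_with(reply, len, " FOUND"))
        return V_REJECT;               /* signature matched */
    if (ends_with(reply, len, ": OK"))
        return V_ACCEPT;               /* scanned, nothing found */
    return V_TEMPFAIL;                 /* " ERROR", empty or unknown reply */
}

int main(void)
{
    /* Constructed sample replies; the second is the one from the thread. */
    static const char *samples[] = {
        "/tmp/clean.txt: OK\n",
        "/tmp/photos.zip: File size limit exceeded. ERROR\n",
        "/tmp/photos.zip: Worm.Mimail.C FOUND\n",
        "",
    };
    static const char *names[] = { "accept", "reject", "tempfail" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s <- %s%s", names[classify_clamd_reply(samples[i])],
               samples[i], *samples[i] ? "" : "(empty reply)\n");
    return 0;
}
```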