Autor: Andreas Gietl Data: Para: Tim Jackson, exim-users CC: exiscanusers Assunto: Re: [Exim] ClamAV + exiscan missing virus
Tim Jackson <lists@???> wrote:
> Hi Sheldon, on Mon, 3 Nov 2003 10:58:14 +0200 you wrote:
>
> > My exim-4.24 w/ exiscan-acl patch 13 and clamav-0.60 installation is
> > letting the Worm.Mimail.C virus through.
> > When I scan the file manually, I get:
> >
ArchiveMaxFileSize XXM
> Hmm, you're right. Using clamd, this is what Exiscan is actually getting
> back:
>
> $ telnet localhost 3310
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> SCAN /tmp/photos.zip
> /tmp/photos.zip: File size limit exceeded. ERROR
>
> > I suspect that exiscan-acl needs to learn to ignore the "File size limit
> > exceeded" message.
>
> The strange thing is that regardless of what the message says, Exiscan
> should be detecting the trailing " ERROR" from the clamd socket as an
> error and doing a tempreject. Or is Exiscan treating ERRORs as "ok"
> instead of "tempreject" these days? This is with rev 12, by the way.
>
> > I've no idea why the message is issued in the first place
>
> I would guess it's due to the file corruption you pointed out.
>
>
> Tim
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details > at http://www.exim.org/ ##
>
>
