[Fwd: Re: [Exim] ClamAV + exiscan missing virus]

Top Page
Delete this message
Reply to this message
Author: Kevin Reed
Date:  
To: exim-users
CC: exiscanusers
Subject: [Fwd: Re: [Exim] ClamAV + exiscan missing virus]
[Resend used wrong account]

Phil White said:
> On Monday 03 November 2003 10:41, Andreas Gietl wrote:
>> Tim Jackson <lists@???> wrote:
>> try to increase your
>>
>> ArchiveMaxFileSize XXM
>
> Andreas.
>
> Thanks for the pointer, but this doesn't seem to help (me, at least!)
>
> Could you forward a copy of your clamd.conf, as I too fail to be

catching this
> one.


Below are the variables I am using in my clamav.conf file.

AllowSupplementaryGroups
LogFile /var/log/clamd.log
LogTime
LocalSocket /tmp/clamd
StreamSaveToDisk
StreamMaxLength 10M
MaxThreads 10
MaxDirectoryRecursion 15
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
-- Unused below ---------------------
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
ClamukoMaxFileSize 1M
ClamukoScanArchive

I see no indication that I am receiving any of these, yet when I attempted
to test it with my current ruleset, it snagged it without any problem
showing that the rules work.

Why I am not seeing any of the messages which should be identifiable in
the logs, I'm not sure. All I can think of is that some rule is rejecting
them before they get to the Recipeint ACL which would provide some clue in
the logs of who and whome it was for..


I would be most interested in getting a copy of a real message file with
all the headers attached so that I can determine how I am apparently able
to block these without need of a ClamAV.


I've already got a copy of the virus, but all tests attempting to passin
it through my mail servers always ends up with a catch...


--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums - http://exim.got-there.com/forums