[Exim] exiscan-acl: use of both $malware_name and $found_ext…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Calum Mackay
Date:  
À: exim-users
Sujet: [Exim] exiscan-acl: use of both $malware_name and $found_extension in single deny line
Hi all,

[no response from exiscanusers, so taking the lib of re-sending here]

I'm trying to use both $malware_name and $found_extension in single deny
line of an ACL that has both demime and malware conditions:

    deny message = This message contains a virus or other harmful
content ($malware_name detected in $found_extension attachment).
         demime  = *
         malware = *


but the $found_extension variable doesn't seem to be set in the log message:

2004-02-14 13:22:58 1Arzl4-0002k4-Bd H=xxx.com [192.1.1.1]:34870
F=<calum.mackay@???> rejected after DATA: This message contains a
virus or other harmful content (ClamAV-Test-Signature detected in
attachment).

nor in the bounce. [the test virus was sent in a .bz2 file]

I do have $found_extension working in another ACL:

    deny message = This message contains an attachment of a type which
we do not accept (file extension: $found_extension).
         ! hosts = @[]
         demime = bat:cmd:com:exe:pif:prf:scr:vbs:zip


2004-02-06 21:53:13 1ApDuT-0006wX-Ix H=asyria.macrosoft.pl
(MacroSoft.pl) [194.92.38.2]:62401 F=<> rejected after DATA: This
message contains an attachment of a type which we do not accept (file
extension: zip).

So, is it that $found_extension can't be used when the malware condition
is also used, or is demime for some other reason not getting it right?
Perhaps only the variables set by the last condition are available to
the deny line?

thanks...

cheers,
c.