Re: [Exim] Encrypted Viruii

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MWakko Warner at <-
MAlan J. Flavell at ->
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim-Users (E-mail)
CC: Wakko Warner
Subject: Re: [Exim] Encrypted Viruii
On Wed, 3 Mar 2004, Wakko Warner wrote:

> Keep me in CC.

done

> > p.s along with others, we decided that we had to block password-
> > protected zip attachments outright. A pity, but couldn't see any
> > alternative.
>
> How did you accomplish this?

By changing the exiscan_av_scanner_regexp_trigger and
exiscan_av_scanner_regexp_description strings, along these lines:

exiscan_av_scanner = cmdline
exiscan_av_scanner_path = /local0/sophos/bin/sweep
exiscan_av_scanner_options = -archive -ss -all |
#exiscan_av_scanner_regexp_trigger = found in
exiscan_av_scanner_regexp_trigger = found in|Password protected
exiscan_av_scanner_regexp_description = (^.*found|^.*protected)

As you can see, this presupposes Sophos sweep.

Log entries now read like this:

2004-03-03 12:08:24 1AyVAc-0000SJ-GE rejected by exiscan(): This email
contains a virus, other hostile content or is an unscannable zip
file.\nVirus scanner reports: '>>> Virus 'W32/Mydoom-F' found'

or like this:

2004-03-03 12:34:59 1AyVaP-0001KH-BK rejected by exiscan(): This email
contains a virus, other hostile content or is an unscannable zip
file.\nVirus scanner reports: 'Password protected'

with the corresponding lines going into the rejection status.

Hope this helps.


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] inbox file becomes locked while downloading mailRe: [Exim] Encrypted Viruii->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)