Author: Alan J. Flavell Date: To: Exim-Users (E-mail) CC: Wakko Warner Subject: Re: [Exim] Encrypted Viruii
On Wed, 3 Mar 2004, Wakko Warner wrote:
> Keep me in CC.
done
> > p.s along with others, we decided that we had to block password-
> > protected zip attachments outright. A pity, but couldn't see any
> > alternative.
>
> How did you accomplish this?
By changing the exiscan_av_scanner_regexp_trigger and
exiscan_av_scanner_regexp_description strings, along these lines:
exiscan_av_scanner = cmdline
exiscan_av_scanner_path = /local0/sophos/bin/sweep
exiscan_av_scanner_options = -archive -ss -all |
#exiscan_av_scanner_regexp_trigger = found in
exiscan_av_scanner_regexp_trigger = found in|Password protected
exiscan_av_scanner_regexp_description = (^.*found|^.*protected)
As you can see, this presupposes Sophos sweep.
Log entries now read like this:
2004-03-03 12:08:24 1AyVAc-0000SJ-GE rejected by exiscan(): This email
contains a virus, other hostile content or is an unscannable zip
file.\nVirus scanner reports: '>>> Virus 'W32/Mydoom-F' found'
or like this:
2004-03-03 12:34:59 1AyVaP-0001KH-BK rejected by exiscan(): This email
contains a virus, other hostile content or is an unscannable zip
file.\nVirus scanner reports: 'Password protected'
with the corresponding lines going into the rejection status.