[Exim] demime acl condition: base64 line length is not a mul…

Top Page
Delete this message
Reply to this message
Author: Derrick
Date:  
To: exim-users
Subject: [Exim] demime acl condition: base64 line length is not a multiple of 4 characters/ virus in passworded zip
sorry if this has been discussed recently, getting over 2000 messages a
week it's hard to stay on top of the mailing lists constantly. i am
searching the archives now for any solutions, none so far. Here's what we
are seeing, a virus in a zipped file, that is password protected. my
settings:



av_scanner = cmdline: /usr/local/bin/sweep -all -archive -ss %s:\
        found:'(.+)'


and in the ACL for content checking:

 deny  message = This message contains a MIME error ($demime_reason)
        demime = *
        condition = ${if >{$demime_errorlevel}{2}{1}{0}}


  deny  message = This message contains an unwanted file extension
($found_extension)
        demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:\
                hlp:hta:inf:ins:isp:jse?:lnk:mdb:mde:msc:msi:msp:mst:\
                pcd:pif:reg:scr:sct:shs:url:vbs:vbe:wdf:wsh:wsc


  deny  message = This message contains malware ($malware_name)
         demime = *
         malware = *



Just wondering if there's something i've missed..


not sure if this will help but I changed my scanner line to:

av_scanner=cmdline: /usr/local/bin/sweep -all -archive -mime -tnef -ss
%s:\
        found:'(.+)'