On Sun, Sep 05, 2004 at 01:53:21PM +0200, Tom Kistner writes:
TK> >And another feature request: I want to check mail by two different
TK> >antiviruses (drwebd and clamd), but I cannot do this now with malware. :(
TK>
TK> You can. From the docs:
[...]
It seems /defer_ok works not correctly, it applied to all av_scanners.
My config:
acl_check_body:
accept set acl_m2 = clamd:/var/run/clamav/clamd.qq
malware = */defer_ok
set acl_c0 = $malware_name
condition = 0
accept condition = ${if eq {$acl_c0}{}{true}{false}}
set acl_m2 = drweb:/var/drweb/run/drwebd.skt
#set acl_m2 = drweb:127.0.0.1 3000
malware = *
set acl_c0 = $malware_name
condition = 0
discard message = This message contains a virus ($acl_c0)
condition = ${if eq {$acl_c0}{}{false}{true}}
condition = ${lookup{$acl_c0}wildlsearch{EXIM/discard-virus} {yes}{no}}
logwrite = Infected by $acl_c0
deny message = This message contains a virus ($acl_c0)
log_message = infected by $acl_c0 (Recipients: $recipients)
condition = ${if eq {$acl_c0}{}{false}{true}}
accept
No one antivirus available, but message passed:
Sep 6 21:25:56 cheetah exim[22042]: 1C4OBg-0005jW-KM malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd.qq (No such file or directory)
Sep 6 21:25:56 cheetah drwebd: [22043] /var/spool/exim/scan/1C4OBg-0005jW-KM/1C4OBg-0005jW-KM.eml - read error!
Sep 6 21:25:56 cheetah exim[22042]: 1C4OBg-0005jW-KM <= diffs@??? H=racoon.itpark.com.ua [193.109.240.7] U=exim P=esmtps X=TLSv1:AES256-SHA:256 S=1029 id=E1C4OBf-0004RV-0o@??? from <diffs@???> for kadet@??? lyon@??? yokodzun@???
Sep 6 21:25:56 cheetah exim[22044]: 1C4OBg-0005jW-KM => kadet <kadet@???> F=<diffs@???> R=procmail T=procmail_pipe S=1086
--
Lucky carrier,
Pavel.
