Re: [exim] New Stuff

Pàgina inicial
Delete this message
Reply to this message
Autor: Fred Viles
Data:  
A: exim-users
Assumpte: Re: [exim] New Stuff
On 24 Feb 2005 at 22:17, David wrote about
    "Re: [exim] New Stuff":


| Hi !!
|
| > | (i will test it through
| > | http://www.webmail.us/testvirus, anyone asking for a test suite?), in
| > | any case adding decode = default in mime_acl will 'demime' all
| > | attachments, so in any case old_demime is not need for clamav
| >
| > That would be good to learn. I don't see any hint in the docs that
| > specifying decode= in the MIME ACL will change the behavior of
| > malware= in the DATA ACL.
|
| from spec.txt (some aprts omited):

|...

Right, got that.

| so, if i'm not missing anything, adding a decode = default on top of
| mime_acl will 'demime' all mime parts (that will not be deleted until
| data_acl ends),


Right, at MIME ACL time. Into potentially 100's of arbitrary
pathnames (one per MIME part), which would have to be remembered as a
list passed to the DATA ACL, and any or all of which may have been
deleted by a ${run later in the MIME ACL.

| and will be available to clamav (by now this is only
| theory, but looks like it will work)


That's what I see no evidence for in the docs. If anything, I would
infer the opposite from the fact that the docs were not updated when
decode= was added to indicate that it could be used instead of
demime.

I'm not looking at the code, but it's easy enough to test...

OK, I just tried adding "decode = default" to the MIME ACL and
commenting out the demime line in the DATA ACL. HUPped exim, sent a
test message with test/clam.zip attached. No joy, I'm afraid.

| > Excellent. You're the one who contributed the original clamd code to
| > exiscan, yes? Glad to have you checking in to this!
|
| for sure, i'm just migrating to 4.50 and i'm also using clamav


To my mind, the big question is why clamd does not recognise the .eml
file as a MIME message that should be unpacked.

- Fred