Re: [exim] New Stuff

Page principale
Supprimer ce message
Répondre à ce message
Auteur: exim-users
Date:  
À: Exim-users
Sujet: Re: [exim] New Stuff
Frank Elsner schrieb:

> On Thu, 24 Feb 2005 18:56:47 +0100 David wrote:
>
>>Hi !!
>>
>>
>>>| OLD_DEMIME is deprecated, so i supose this feature is lost
>>>| for the ones not using old demime, really surprising.
>>>
>>>Especially as demime is still required for several virus scanners,
>>>notably clamav. I hope "deprecated" doesn't mean it will be dropped
>>>before that problem is solved...
>>
>>Those this means that clamav scanning will not work unless
>>OLD_DEMIME is defined ? where did you read this ?
>
>
> From the specification for exim-4.50, chapter "40. CONTENT SCANNING":
>
> | .   "clamd": This daemon-type scanner is GPL and free. You can get it at     
> | 
> |      http://www.clamav.net/. Clamd does not seem to unpack MIME containers,
> |      so it is recommended to unpack MIME attachments in the MIME ACL. It
> |      takes   one option: either the path and name of a UNIX socket file, or a
> |      hostname or IP number, and a port, separated by space, as in the second
> |      of these examples:


Hm, this indicates, that we have to substitute our "demime" in the data
acl with a "decode" in the mime acl to play it safe. On the other hand,
if I understood Edgar Lovecraft correctly, he doesn't use any mime
decoding on the part of exim at all and is happy with the result.

If the latter is true, exim could use clamd's stream mode to pass in the
whole mail instead of a file descriptor. This would allow clamd to be
moved to a different box, offering the same flexibility as spamd does today.

Ok, it seems there's no single testcase/testsuite for checking clamd's
mime decoding abilities, but people use the various anti-virus testing
sites. David, please let us know your results, when you're finished
testing. If you could supply a comparison "old demime - new decode - no
demime/decode at all", that would be terrific. I haven't upgraded to
v4.50 yet, so I can't do the testing myself at this point in time.


Patrick