[exim] Exiscan letting through Viruses

Top Page
Delete this message
Reply to this message
Author: Andrew Lewis
Date:  
To: exim-users
Subject: [exim] Exiscan letting through Viruses
On an installation of Exim 4.42:

2005-02-25 07:31:01 1D4Y40-0007xK-Cc demime acl condition: base64 line length is not a multiple of 4 characters
2005-02-25 07:31:01 1D4Y40-0007xK-Cc demime acl condition: base64 line contains illegal character
2005-02-25 07:31:01 1D4Y40-0007xK-Cc demime acl condition: base64 line length exceeds 76 characters
2005-02-25 07:31:02 1D4Y40-0007xK-Cc <= dhinesh@??? H=(smtp.imperialonline.co.za) [196.15.172.219] P=esmtp S=38433 id=E1D4Y3Y-00056Q-00@???
2005-02-25 07:31:02 1D4Y40-0007xK-Cc => pnewton@??? R=internal T=remote_smtp H=mail.int.xxxxxx.co.za [192.168.10.3]
2005-02-25 07:31:02 1D4Y40-0007xK-Cc Completed

The stupid antivirus doesn't like broken MIME, so we're relying on Exiscan to drop it for us.

In our ACL we have something like:

deny  message = Serious MIME defect detected ($demime_reason)
      demime = *
      condition = ${if >{$demime_errorlevel}{2}{1}{0}}


  deny  message = This message contains malware ($malware_name)
        demime = *
        malware = *


Is this problem occuring because we have demime twice? Why is it accepting the broken MIME, when it seemingly knows it's broken?

Best,
-AL.