[exim] Logging who is receiving what viruses with Sophie ACL…

Author: Andrew Nelson
Date:  
To: exim-users
Subject: [exim] Logging who is receiving what viruses with Sophie ACL ?
Hi,

I'm trying to get a simple log of which email addresses are receiving what
viruses.. I have exim, with sophie (sophos) installed with this ACL:

# Reject virus infested messages.
  deny  message = This message contains malicious software ($malware_name)
           malware = *


which outputs entries like this in my logfile:

2005-06-08 00:29:45 1Dff5A-000F1E-L4 H=(uexpress.com) [62.56.253.100]
F=<mary@???> rejected after DATA: This message contains malicious
software (W32/Bugbear-D)

Note: The email address and IP logged have nothing to do with me and I
don't know which address it was actually heading to. The software
(sophos/sophie) also outputs to /var/log/maillog which is not much more help.

Are there any commands in exim that will allow the local_part and domain type
variables to be logged to a file? Something like this would have been
great:

# Reject virus infested messages.
  deny  message = This message contains malicious software ($malware_name)
           malware = *
           log_message = VIRUS_FOUND: $recipients, $senders, $malware_name


$recipients seems to work, but only sometimes.. there's a lot more viruses
being logged in /var/log/maillog (from sophie) than exim itself logs?!
confusing!

I'd appreciate any tips,
Thanks, Andrew.
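
Added example (not part of the original post): a per-recipient tally of rejected malware built from Exim main log lines tagged the way the proposed log_message would tag them. It assumes each rejection line ends with `rejected after DATA: VIRUS_FOUND: <recipients>, <sender>, <malware>`; the log lines, hosts and addresses below are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not from the post). The second has an empty
# envelope sender (a bounce); the third is an unrelated rejection.
SAMPLE_LOG = """\
2005-06-08 00:29:45 1Dff5A-000F1E-L4 H=(mail.example.net) [192.0.2.10] F=<mary@example.net> rejected after DATA: VIRUS_FOUND: alice@example.org, bob@example.org, mary@example.net, W32/Bugbear-D
2005-06-08 00:31:02 1Dff6B-000F2A-M1 H=(host.example.com) [192.0.2.44] F=<> rejected after DATA: VIRUS_FOUND: alice@example.org, , W32/Netsky-P
2005-06-08 00:32:10 1Dff7C-000F3B-N2 H=(other.example.com) [192.0.2.45] F=<joe@example.com> rejected RCPT <carol@example.org>: relay not permitted
2005-06-08 00:40:00 1Dff8D-000F4C-P3 H=(mail.example.net) [192.0.2.10] F=<mary@example.net> rejected after DATA: VIRUS_FOUND: Bob@example.org, mary@example.net, W32/Bugbear-D
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ .*?\[(?P<ip>[^\]]+)\] .*?"
    r"rejected after DATA: VIRUS_FOUND: (?P<fields>.*)$"
)

def parse_line(line):
    """Return a dict for a tagged virus rejection, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The recipient list is itself comma-separated, so split from the right:
    # the last field is the malware name, the one before it the sender.
    parts = m.group("fields").rsplit(",", 2)
    if len(parts) != 3:
        return None
    rcpts_raw, sender, malware = (p.strip() for p in parts)
    rcpts = [r.strip().lower() for r in rcpts_raw.split(",") if r.strip()]
    return {"time": m.group("ts"), "ip": m.group("ip"), "recipients": rcpts,
            "sender": sender or "<>", "malware": malware}

def summarize(log_text):
    """Map each recipient address to {malware name: rejection count}."""
    tally = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        for rcpt in (rec["recipients"] if rec else []):
            tally[rcpt][rec["malware"]] += 1
    return {rcpt: dict(counts) for rcpt, counts in tally.items()}

if __name__ == "__main__":
    for rcpt, counts in sorted(summarize(SAMPLE_LOG).items()):
        print(rcpt, counts)
```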