Hi,
I'm trying to get a simple log of which email addresses are receiving what
viruses.. I have exim, with sophie (sophos) installed with this ACL:

    # Reject virus infested messages.
    deny message = This message contains malicious software ($malware_name)
         malware = *

which outputs entries like this in my logfile:

    2005-06-08 00:29:45 1Dff5A-000F1E-L4 H=(uexpress.com) [62.56.253.100]
    F=<mary@???> rejected after DATA: This message contains malicious
    software (W32/Bugbear-D)

Note: The email address and IP logged have nothing to do with me and I
don't know which address it was actually heading to. The software
(sophos/sophie) also outputs to /var/log/maillog which is not much more help.
Are there any commands in exim that will allow the local_part and domain type
variables to be logged to a file? Something like this would have been
great:

    # Reject virus infested messages.
    deny message = This message contains malicious software ($malware_name)
         malware = *
         log_message = VIRUS_FOUND: $recipients, $senders, $malware_name

$recipients seems to work, but only sometimes.. there are a lot more viruses
being logged in /var/log/maillog (from sophie) than exim itself logs?!
confusing!
I'd appreciate any tips,
Thanks, Andrew.
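
Added example, not part of the original post: a short Python script that builds the per-recipient virus tally the post asks for from Exim reject lines. It assumes the VIRUS_FOUND layout proposed above expands to a comma-separated list of recipients, then the sender, then the malware name; the sample lines, addresses and the name `tally` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (hosts, addresses and message ids are made up).
# Lines 1-2 assume the VIRUS_FOUND layout: recipients, sender, malware name.
# Line 3 is the default rejection text, which carries no recipient at all.
# Line 4 is an ordinary arrival line and must be ignored.
SAMPLE_LOG = """\
2005-06-08 00:29:45 1Dff5A-000F1E-L4 H=(mail.example.net) [192.0.2.10] F=<a@example.net> rejected after DATA: VIRUS_FOUND: bob@example.org, carol@example.org, a@example.net, W32/Bugbear-D
2005-06-08 00:31:02 1Dff6B-000F2A-M1 H=(mx.example.com) [192.0.2.20] F=<> rejected after DATA: VIRUS_FOUND: bob@example.org, , W32/Netsky-P
2005-06-08 00:33:10 1Dff7C-000F3B-N2 H=(mx.example.com) [192.0.2.20] F=<d@example.com> rejected after DATA: This message contains malicious software (W32/Bugbear-D)
2005-06-08 00:34:00 1Dff8D-000F4C-P3 <= e@example.com H=(mx.example.com) [192.0.2.20] P=esmtp S=1234
"""

TAGGED = re.compile(r"rejected after DATA: VIRUS_FOUND: (?P<payload>.+)$")
PLAIN = re.compile(
    r"rejected after DATA: This message contains malicious software "
    r"\((?P<malware>[^)]+)\)$"
)
UNKNOWN = "(recipient not logged)"


def tally(log_text):
    """Return {recipient: Counter({malware_name: hits})} for rejected mail."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        tagged = TAGGED.search(line)
        if tagged:
            fields = [f.strip() for f in tagged.group("payload").split(",")]
            if len(fields) < 3:
                continue  # not the assumed layout; skip rather than guess
            # Last field is the malware name, the one before it the sender
            # (empty for bounces); everything earlier is a recipient.
            *recipients, _sender, malware = fields
            for rcpt in [r.lower() for r in recipients if r] or [UNKNOWN]:
                hits[rcpt][malware] += 1
            continue
        plain = PLAIN.search(line)
        if plain:
            # Default message text: the virus is known, the recipient is not.
            hits[UNKNOWN][plain.group("malware")] += 1
    return hits


if __name__ == "__main__":
    for rcpt, counts in sorted(tally(SAMPLE_LOG).items()):
        print(rcpt, dict(counts))
```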