On 6/7/05, Andrew Nelson <andrew__nelson@???> wrote:
> I'm trying to get a simple log of which email addresses are receiving what
> viruses.. I have exim, with sophie (sophos) installed with this ACL:
Using your ACL but switching the order yields:
deny
message = This message contains a virus ($malware_name)
log_message = VIRUS_FOUND: $recipients, $senders, $malware_name
malware = *
2005-06-07 23:26:35 H=crc2.excedent.us (mail01.excedent.us)
[206.158.107.157] Warning: remote host presented unverifiable
HELO/EHLO greeting.
2005-06-07 23:27:35 1DfrE7-00081Y-MA Subject: Virus Scanner Test #11
2005-06-07 23:27:36 1DfrE7-00081Y-MA failed to expand ACL message
"VIRUS_FOUND: $recipients, $senders, $malware_name": unknown variable
name "senders"
2005-06-07 23:27:36 1DfrE7-00081Y-MA H=crc2.excedent.us
(mail01.excedent.us) [206.158.107.157] F=<tester@???>
rejected after DATA: This message contains a virus (unknown)
Changing to...
deny
message = This message contains a virus ($malware_name)
log_message = VIRUS_FOUND: $recipients, $sender_address, $malware_name
malware = *
2005-06-07 23:35:44 H=crc2.excedent.us (mail01.excedent.us)
[206.158.107.157] Warning: remote host presented unverifiable
HELO/EHLO greeting.
2005-06-07 23:36:44 1DfrMy-00082q-AJ Subject: Virus Scanner Test #11
2005-06-07 23:36:45 1DfrMy-00082q-AJ H=crc2.excedent.us
(mail01.excedent.us) [206.158.107.157] F=<tester@???>
rejected after DATA: VIRUS_FOUND: my@???,
tester@???, unknown
Why don't you just put $recipients and $sender_address in the
'message' modifier and avoid the whole log_message thing anyway? Kind
of redundant, isn't it?
Sam
