Hi,
I'm in the process of upgrading our mail server, and part of that process is
upgrading Exim from 4.30 to 4.54. I am currently trying to configure Exim to do
virus scanning using Sophos/sweep.
In the data ACL I have a malware condition which should be finding a virus (I'm
sending it the eicar test virus), but it's not getting picked up. The ACL is
getting executed, but I can't see what it's actually doing.
The ACL in question is:

    acl_check_data:

      # Reject empty messages
      deny
        message   = Empty message rejected.
        condition = ${if < {$message_size} {2} {1} {0}}

      #
      # Now do virus scanning with Sophos.
      #
      # for locally generated messages, deny virus and send the user a message.
      deny
        hosts   = +relay_from_hosts
        message = Your message contains a virus ($malware_name).
        malware = *

      # for external messages with virus send a different message
      deny
        message = The message was rejected because it contains a virus
        malware = *

and the debug output I get is:
15:50:43 9955 using ACL "acl_check_data"
15:50:43 9955 processing "deny"
15:50:43 9955 expanding: $message_size
15:50:43 9955 result: 915
15:50:43 9955 expanding: 2
15:50:43 9955 result: 2
15:50:43 9955 condition: < {$message_size} {2}
15:50:43 9955 result: false
15:50:43 9955 expanding: 1
15:50:43 9955 result: 1
15:50:43 9955 skipping: result is not used
15:50:43 9955 expanding: 0
15:50:43 9955 result: 0
15:50:43 9955 expanding: ${if < {$message_size} {2} {1} {0}}
15:50:43 9955 result: 0
15:50:43 9955 check condition = ${if < {$message_size} {2} {1} {0}}
15:50:43 9955 = 0
15:50:43 9955 deny: condition test failed
15:50:43 9955 processing "deny"
15:50:43 9955 check hosts = +relay_from_hosts
15:50:43 9955 cached yes match for +relay_from_hosts
15:50:43 9955 cached lookup data = NULL
15:50:43 9955 host in "+relay_from_hosts"? yes (matched "+relay_from_hosts" -
cached)
15:50:43 9955 check malware = *
15:50:43 9955 expanding: From ${sender_address} ${tod_bsdinbox}
15:50:43 9955
15:50:43 9955 result: From nmw@??? Fri Nov 25 15:50:43 2005
15:50:43 9955
15:50:43 9955 expanding: ${sender_address}
15:50:43 9955 result: nmw@???
15:50:43 9955 condition: def:received_for
15:50:43 9955 result: false
15:50:43 9955 expanding: $received_for
15:50:43 9955 result:
15:50:43 9955 skipping: result is not used
15:50:43 9955 expanding: ${if def:received_for{$received_for}}
15:50:43 9955 result:
15:50:44 9955 deny: condition test failed
15:50:44 9955 processing "deny"
15:50:44 9955 check malware = *
15:50:44 9955 deny: condition test failed
so I don't know whether exim has actually run sweep or not.
Is there any way to increase the debugging output for malware, so I can see what
malware test exim is actually running, and on what? The command I'm using is:

    exim -bd -d+all

The same test works perfectly on the existing mail server, running Exim 4.30.
Running sweep manually on email files containing viruses also works, so I don't
think it's sweep that's at fault.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@???
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555