[exim] [URGENT] malware scanning with cmdline does not work …

Pàgina inicial
Delete this message
Reply to this message
Autor: Michael Ludwig
Data:  
A: exim-users
Assumpte: [exim] [URGENT] malware scanning with cmdline does not work as expected




Hi,

as stated out in my previous message in Nigel Wade's thread
"How to debug malware" my av_scanner (using cmdline option) does
not work.
After trial and error phase now - as debugging does not help
very much in this case - I found out that only ONE parameter
is passed to the cmdline scanner option which actually calls
the scanner program.
So whilst using this line:

----------------------------------------------------
av_scanner    = cmdline:/opt/mcafee/uvscan --allole --secure \
                --noboot -r %s:Found:Found(.+)
----------------------------------------------------


(still using McAfee uvscan) there is nothing more than the
parameter "--allole" passed when calling uvscan.
If I simply change the line to:

----------------------------------------------------
av_scanner    = cmdline:/opt/mcafee/uvscan %s:Found:Found(.+)
----------------------------------------------------


then the directy /var/spool/exim/scan/$MSGDIRTOSCAN is passed
correctly - as it is the only parameter given (scanning doesn't
work here either because the -r option is missing)


Next try:
----------------------------------------------------
av_scanner    = cmdline:/opt/mcafee/uvscan --secure \
                %s:Found:Found(.+)
----------------------------------------------------


then only the parameter "--secure" is passed - with the virus
scanner taking no action - of course - because it is missing the
parameter for the diretory which is about to scan...


So my opinion is that there is a malfunction in cmdline thingy
there. Could someone please check that?
I'm using exim 4.52.
It's urgent to me as long as I noticed the problem now with the
bigger getting Sober virus problem as there are some viruses which
have it made through my exim into my network. No good.

Michael