Hi,
as stated out in my previous message in Nigel Wade's thread
"How to debug malware" my av_scanner (using cmdline option) does
not work.
After trial and error phase now - as debugging does not help
very much in this case - I found out that only ONE parameter
is passed to the cmdline scanner option which actually calls
the scanner program.
So whilst using this line:
----------------------------------------------------
av_scanner = cmdline:/opt/mcafee/uvscan --allole --secure \
--noboot -r %s:Found:Found(.+)
----------------------------------------------------
(still using McAfee uvscan) there is nothing more than the
parameter "--allole" passed when calling uvscan.
If I simply change the line to:
----------------------------------------------------
av_scanner = cmdline:/opt/mcafee/uvscan %s:Found:Found(.+)
----------------------------------------------------
then the directy /var/spool/exim/scan/$MSGDIRTOSCAN is passed
correctly - as it is the only parameter given (scanning doesn't
work here either because the -r option is missing)
Next try:
----------------------------------------------------
av_scanner = cmdline:/opt/mcafee/uvscan --secure \
%s:Found:Found(.+)
----------------------------------------------------
then only the parameter "--secure" is passed - with the virus
scanner taking no action - of course - because it is missing the
parameter for the diretory which is about to scan...
So my opinion is that there is a malfunction in cmdline thingy
there. Could someone please check that?
I'm using exim 4.52.
It's urgent to me as long as I noticed the problem now with the
bigger getting Sober virus problem as there are some viruses which
have it made through my exim into my network. No good.
Michael
