Re: [exim] How to debug malware

Pàgina inicial
Delete this message
Reply to this message
Autor: Jakob Hirsch
Data:  
A: Nigel Wade
CC: Exim users list
Assumpte: Re: [exim] How to debug malware
Nigel Wade wrote:

> Ok. I've got to the root of the problem, and it's a pretty annoying one.
> It's an incompatibility between Exim 4.5 and Sophos sweep.
>
> Sophos won't find a virus in an attachment whilst it's part of the
> message - it needs to scan each component separately. Exiscan would
> split the message into its constituent parts, each in a separate file.


This is not an "incompability", Exim just does what you tell it.

The exiscan way was having a "demime = *" condition before your malware
condition. You have no demime in the config you supplied, so I wonder
how this worked before.

Anyway, demime is deprecated, but putting "decode = default" in the mime
acl provides similar functionality. No need for demime, as Micheal wrote.