Author: Jakob Hirsch
Date:
To: Nigel Wade
CC: Exim users list
Subject: Re: [exim] How to debug malware

Nigel Wade wrote:
> Ok. I've got to the root of the problem, and it's a pretty annoying one.
> It's an incompatibility between Exim 4.5 and Sophos sweep.
>
> Sophos won't find a virus in an attachment whilst it's part of the
> message - it needs to scan each component separately. Exiscan would
> split the message into its constituent parts, each in a separate file.

This is not an "incompatibility"; Exim just does what you tell it.
The exiscan way was having a "demime = *" condition before your malware
condition. You have no demime in the config you supplied, so I wonder
how this worked before.
Anyway, demime is deprecated, but putting "decode = default" in the MIME
ACL provides similar functionality. No need for demime, as Micheal wrote.
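
The setup described in the reply above, as an added configuration example that is not part of the original message or of Nigel's config: the MIME ACL decodes every part into the scan directory, so the later malware condition hands the scanner the separate files as well as the raw message. The ACL names acl_check_mime and acl_check_data are assumptions, and av_scanner is assumed to be set already in the main section.

```conf
# Main section: point Exim at the two ACLs.
# acl_smtp_mime runs once per MIME part, before acl_smtp_data.
acl_smtp_mime = acl_check_mime
acl_smtp_data = acl_check_data

begin acl

acl_check_mime:
  # Decode each MIME part to its own file in the message's scan directory.
  # Without this, the scanner only sees the undecoded message file.
  warn decode = default

  accept

acl_check_data:
  # Scan the scan directory, which now holds the decoded parts too.
  deny malware = *
       message = This message contains malware ($malware_name)

  accept
```

With the decode line removed, the same malware condition still runs without error but only inspects the encoded message, which is the silent miss described in the quoted text.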