Re: [exim] How to debug malware

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M.MMichael Ludwig at <-
M\Nigel Wade at ->
Delete this message
Reply to this message
Author: Jakob Hirsch
Date:  
To: Nigel Wade
CC: Exim users list
Subject: Re: [exim] How to debug malware
Nigel Wade wrote:

> Ok. I've got to the root of the problem, and it's a pretty annoying one.
> It's an incompatibility between Exim 4.5 and Sophos sweep.
>
> Sophos won't find a virus in an attachment whilst it's part of the
> message - it needs to scan each component separately. Exiscan would
> split the message into its constituent parts, each in a separate file.

This is not an "incompability", Exim just does what you tell it.

The exiscan way was having a "demime = *" condition before your malware
condition. You have no demime in the config you supplied, so I wonder
how this worked before.

Anyway, demime is deprecated, but putting "decode = default" in the mime
acl provides similar functionality. No need for demime, as Micheal wrote.



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] ACL question - require verb and negated host listsRe: [exim] ACL question - require verb and negated host lists->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)