Re: [exim] How to debug malware

Páxina inicial
Esta mensaxe é parte do seguinte fío:
M-\Árbore completa do fío ordenada por data
M.MMichael Ludwig o <-
M\Nigel Wade o ->
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Jakob Hirsch
Data:  
Para: Nigel Wade
CC: Exim users list
Asunto: Re: [exim] How to debug malware
Nigel Wade wrote:

> Ok. I've got to the root of the problem, and it's a pretty annoying one.
> It's an incompatibility between Exim 4.5 and Sophos sweep.
>
> Sophos won't find a virus in an attachment whilst it's part of the
> message - it needs to scan each component separately. Exiscan would
> split the message into its constituent parts, each in a separate file.

This is not an "incompability", Exim just does what you tell it.

The exiscan way was having a "demime = *" condition before your malware
condition. You have no demime in the config you supplied, so I wonder
how this worked before.

Anyway, demime is deprecated, but putting "decode = default" in the mime
acl provides similar functionality. No need for demime, as Micheal wrote.



Esta mensaxe foi enviada ás seguintes listas:
Exim-users
Información da lista | Mensaxes recentes		<-[exim] ACL question - require verb and negated host listsRe: [exim] ACL question - require verb and negated host lists->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versión 2.3)