Re: [exim] How to debug malware

Author: Jakob Hirsch
Date:  
To: Nigel Wade
CC: Exim users list
Subject: Re: [exim] How to debug malware
Nigel Wade wrote:

>>>>>Sophos won't find a virus in an attachment whilst it's part of the
>>>>>message - it needs to scan each component separately. Exiscan would
>>>>>split the message into its constituent parts, each in a separate file.
>>>>This is not an "incompatibility", Exim just does what you tell it.
>>>If you are happy that they are compatible
>> I didn't say that.
> You said "This is not an incompatibility". That sounds to me like you are
> saying they are compatible. What were you saying?


That a deficient configuration is not an incompatibility.
But I really don't want to start a discussion about nothing.

> It's exactly that. How does Exim extract the attachments for the virus
> scanner?


This works here:


acl_check_mime:

  # decode each MIME part to a file so the scanner can see it
  warn  decode = default
  [... some extension checks...]


acl_check_data:

  [...]

  # virus scanning
  warn  log_message = Message contains malware ($malware_name)
        malware = */defer_ok
        set acl_m2 = $malware_name
        delay = 30s
        control = fakereject/Message rejected because of infection: $malware_name



acl_m2 is used in the system filter to tag the message and filter it out.