[exim] Configuring Exim and a commandline antivirus scanner

Top Page
Delete this message
Reply to this message
Author: Manuel Molina Cuberos
Date:  
To: Exim users mailing list
CC: Lista de Adm. Correo
Subject: [exim] Configuring Exim and a commandline antivirus scanner

Hello all!

I'm trying to configure the regular expressions to make Exim work with
ESET Security suite.
It was all fine, but I detected that I have to avoid some patterns.

The scanner output for a virus is:

file-20030201-161700-14842 -> MIME*: virus="VBS/Haptime.E worm"*

The first configuration I made was:

av_scanner = cmdline:\
             /usr/bin/esets_cli --subdir %s:\
           * :: virus= : virus="(.+)"*


It was ok, and Exim was stopping the viruses, but then, I detected that
I have to avoid some output patterns from the antivirus:

file-20030202-203146-10246 -> MIME -> part000.txt*: virus="is OK"*

that means there's _no virus_ on the file.

Here begins my problem with regular expressions. I tested the following
regex with pcretest, that worked:

# pcretest
PCRE version 6.7 04-Jul-2006

re> "virus=\"(?!is OK)"
data> virus="VBS/Haptime.E worm

0: virus="
data> virus="is OK

No match

Then, I think I failed to put it on exim4.conf to work, because

av_scanner = cmdline:\
              /usr/bin/esets_cli --subdir %s:\
             :: virus="(?!is OK) : virus="(.+)"


doesn't work. It can't even detect any virus.

Can you give me a hand to correct the expression ?

Thanks in advance,

--
Manuel Molina Cuberos

Administrador de Sistemas
Área Técnica

T-Online Telecommunications Spain, S.A.U
Grupo Deutsche Telekom
Edificio Gorbea 4
Avda. Bruselas, 20 3ª planta
28108 Alcobendas -- Madrid
Telf: +34 911 41 7931
Fax +34 911 41 7700

Este mensaje puede contener información confidencial dirigida únicamente
a su destinatario. Si usted no es el destinatario de este mensaje, según
consta en el mismo, por favor destruya el mensaje y advierta al
remitente del error respondiendo a este mensaje por correo electrónico.
No está autorizada la copia o entrega de este mensaje a quienes no son
destinatarios del mismo.