Re: [exim] Configuring Exim and a commandline antivirus scan…

Author: Manuel Molina Cuberos
Date:  
CC: Exim users mailing list, Lista de Adm. Correo
Subject: Re: [exim] Configuring Exim and a commandline antivirus scanner
Manuel Molina Cuberos wrote:
> Hello all!
>

I will repost the email, because Mailman seems not to handle my
highlighted HTML syntax well :(

------

I'm trying to configure the regular expressions to make Exim work with
ESET Security suite.
It was all fine, but I detected that I have to avoid some patterns.

The scanner output for a virus is:

file-20030201-161700-14842 -> MIME: virus="VBS/Haptime.E worm"

The first configuration I made was:

av_scanner = cmdline:\
/usr/bin/esets_cli --subdir %s:\
:: virus= : virus="(.+)"

It was ok, and Exim was stopping the viruses, but then, I detected that
I have to avoid some output patterns from the antivirus:

file-20030202-203146-10246 -> MIME -> part000.txt: virus="is OK"

that means there's _no virus_ on the file.

Here begins my problem with regular expressions. I tested the following
regex with pcretest, which worked:

# pcretest
PCRE version 6.7 04-Jul-2006

re> "virus=\"(?!is OK)"
data> virus="VBS/Haptime.E worm

0: virus="
data> virus="is OK

No match

Then, I think I failed to put it on exim4.conf to work, because

av_scanner = cmdline:\
/usr/bin/esets_cli --subdir %s:\
:: virus="(?!is OK) : virus="(.+)"

doesn't work. It can't even detect any virus.

Can you give me a hand to correct the expression?

Thanks in advance,

--
Manuel Molina Cuberos

Systems Administrator
Technical Area

T-Online Telecommunications Spain, S.A.U
Grupo Deutsche Telekom
Edificio Gorbea 4
Avda. Bruselas, 20 3ª planta
28108 Alcobendas – Madrid
Telf: +34 911 41 7931
Fax +34 911 41 7700

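
Added example, not part of the original message: a Python harness for checking a trigger pattern and a name pattern against the two scanner output lines quoted above before they go into av_scanner. Python's re module stands in for PCRE (the lookahead syntax used here is the same); the line-by-line matching model, the function name scan_verdict, the "unknown" fallback and the combined sample output are assumptions. It checks the patterns only and does not cover how Exim parses the av_scanner string.

```python
import re

# Constructed sample: the two scanner output lines quoted in the message,
# combined into one run where a clean part is reported before the infected one.
SAMPLE_OUTPUT = '''\
file-20030202-203146-10246 -> MIME -> part000.txt: virus="is OK"
file-20030201-161700-14842 -> MIME: virus="VBS/Haptime.E worm"
'''
CLEAN_ONLY = 'file-20030202-203146-10246 -> MIME -> part000.txt: virus="is OK"\n'

# Patterns from the first configuration in the message.
NAIVE_TRIGGER = r'virus='
NAIVE_NAME = r'virus="(.+)"'

# Patterns using the negative lookahead from the pcretest session. The closing
# quote inside the lookahead limits the exclusion to the exact string "is OK",
# so a name that merely starts with those characters is still reported.
STRICT_TRIGGER = r'virus="(?!is OK")'
STRICT_NAME = r'virus="((?!is OK").+)"'


def scan_verdict(output, trigger_re, name_re):
    """Return the extracted malware name, or None if the trigger never fires.

    Assumption: output is examined line by line, the trigger decides whether
    the message counts as infected, and the first line matching the name
    pattern supplies the name.
    """
    lines = output.splitlines()
    if not any(re.search(trigger_re, line) for line in lines):
        return None
    for line in lines:
        m = re.search(name_re, line)
        if m:
            return m.group(1)
    return "unknown"  # triggered, but no name could be extracted


if __name__ == "__main__":
    for label, trig, name in (("naive", NAIVE_TRIGGER, NAIVE_NAME),
                              ("strict", STRICT_TRIGGER, STRICT_NAME)):
        print(label, "clean only ->", scan_verdict(CLEAN_ONLY, trig, name))
        print(label, "mixed      ->", scan_verdict(SAMPLE_OUTPUT, trig, name))
```

With the first configuration's patterns a clean message is flagged with the name "is OK"; with the lookahead in both patterns the clean line is skipped in the trigger and in the name extraction.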