[exim] Exim v4.68 - clamd scans attachments twice

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Juergen Edner
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: [exim] Exim v4.68 - clamd scans attachments twice
Hello,
due to the fact that I wasn't able to send out some
messages with attachments I tried to analyzed how
exim parses email messages to clamd.
I started both applications Exim and Clamd in debug
mode and sent a small email with a zip-attachment.

The used Exim ACL condition looks like this:
   warn    log_message   = This message contains malware
           malware       = *


As a result I found out that the attachment has been
scanned twice although I cannot find a reason for this.

What I can say is, that Exim places four files in its
local scan directory. Based on the assumption that Exim
parses all files to clamd it would be possible that the
attachment will scanned multiple times:

   1Jep0N-0000XK-QN-00000   50724
     -> the mime parts of the message incl. attachment
   1Jep0N-0000XK-QN-00001      65
     -> the message text
   1Jep0N-0000XK-QN-00002   37163
     -> the binary attachment
   1Jep0N-0000XK-QN.eml     51503
     -> the complete message incl. header and attachment


Can anyone shed some light on this mechanism or tell me
how I can prevent Exim/Clamd from scanning one attachment
multiple times?

Thank you in advance!

Regards,
Juergen
--
GPG Key available