Autor: W B Hacker Data: A: exim users Assumpte: Re: [exim] Reporting password-protected attachments (Sophie)
Keith Edmunds wrote: > Should I be asking this question somewhere else?
>
> Thanks,
> Keith
>
>> Exim version 4.63 (Debian Etch)
>>
>> We're using Sophie for virus-checking incoming mail. Occasionally a
>> password-protected ZIP attachment arrives, which is detected by Sophos
>> (/var/log/mail.log reports "Error: File was encrypted"). However, all we
>> get in the Exim log is "malware acl condition: sophie reported error".
>>
>> Is it possible for Exim to be able to report that the file was encrypted?
>>
>> Thanks,
>> Keith
>
Perhaps.
- Exim *can* use the syslog logging facility instead of its own.
- Sopie *can* be made to log to other-than maillog.
- syslog *can* place output into more than one logfile.
- logfiles - or copies of same - could be interleaved even w/o syslog
(think 'common group membership and group-write privs).
I leave it to you if it is worth trying to consolidate all that such
that the relevant reports - if not 'adjacent' in the output, are at
least 'nearby'.
IMNSHO, it is a rare-enough case that I'd either not care, or not care
hard enough, long enough to need anything more than a grep run now and then.
After all - what is it that either Sophie or Exim would be asked to
actually *DO* about it (other than add an X-header and
[pass|reject|sequester])?