Re: [exim] ClamAV changes needing testing

Author: Dr Andrew C Aitchison
Date:  
To: exim-users
Subject: Re: [exim] ClamAV changes needing testing
On Sat, 5 Jun 2010, Phil Pennock wrote:

> Folks,
>
> There's an upcoming change to ClamAV, to remove the scanning API which
> released versions of Exim use. I don't know the current schedule for
> that, but when we last checked, on bug 926, it was set for the middle of
> 2010. *cough*
>
> I've committed to CVS my patches to switch Exim to the new scanning API
> and clean up some of that code. This code could *really* do with some
> enthusiastic stress-testing by volunteers. To make it easier to test,
> if you're an admin user then you get to use the new command-line option,
> -bmalware, which takes a filename and subjects that file to Exim's
> malware scanning, whatever that might be.
>
> If anyone feels like grabbing the code from HEAD in CVS and giving it a
> whirl and reporting back success after 1 day and 1 week (or failure if
> it comes sooner), I'd appreciate it. Thanks.


Hmm.
I run two malware scanners (ClamAV as daemon first, then NAI/McAfee
uvscan in commandline mode).
Early in my exim config I have
# Declare the antivirus / malware setup
av_scanner = $acl_m0

then my acl_smtp_data ACL includes these rules for the two malware
scanners:

   # Reject messages containing malware (viruses etc.).
   # separate rule for each virus scanner
   #     log which scanner caught it but don't include this in rejection message
   #
   deny message = This message contains malware ($malware_name) (ClamAV)
     log_message = This message contains malware ClamAV $malware_name
         set acl_m0 = clamd:/var/run/clamav/clamd.sock
          malware = *
   #
   deny message = This message contains malware ($malware_name)
     log_message = This message contains malware NAI uvscan $malware_name
     set acl_m0 = NAIscanner_command
          malware = *
   #


With the CVS head (taken yesterday morning) this fails, e.g.
# /usr/sbin/exim.clamavtest -C /etc/exim/config.moa-new.clamav -bmalware /etc/motd
2010-06-14 11:42:27 dummy-1345573678 malware acl condition: av_scanner configuration variable is empty
Malware lookup returned non-okay/fail: 1

Would you want more detailed logging?

-- 
Dr. Andrew C. Aitchison        Computer Officer, DPMMS, Cambridge
A.C.Aitchison@???    http://www.dpmms.cam.ac.uk/~werdna