On 2013-09-22 22:15 , Ralf G. R. Bergs wrote:
> On 2013-09-22 20:09 , Jeremy Harris wrote:
>> On 18/09/13 14:08, Ralf G. R. Bergs wrote:
>>>> warn message = This message contains malware
>>>> ($malware_name)
>>>> set acl_m0 = cmdline:/usr/lib/AntiVir/guard/avscan -s
>>>> --batch --scan-mode=all %s; /bin/echo -e \N"\navira_retval
>>>> $?"\N:\N^avira_retval 1$\N:\N.*ALERT: ([^;]*) ;.*\N
>> I suspect that just setting acl_m0 to that string doesn't do what you
>> think. Have a look at
>>
>> http://exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
>>
>> - maybe it should be involved with the av_scanner global option,
> Actually I do use this already -- I left it out for briefness.
>> but I doubt the bit with "echo" will work there.
> As I said, the other three scanners are working just fine, and I'm
> already using a similar construct (i.e. the below fragment does work
> well!):
>> warn message = This message contains malware ($malware_name)
>> set acl_m0 = cmdline:\
>> /usr/bin/avgscan --arc %s; echo -e
>> \N"\navg_retval $?"\N:\
>> avg_retval 5:\
>> \NVirus identified *(.*)$\N
>> malware = *
>> log_message = This message contains malware
>> (avg:$malware_name)
> Any idea why the below is not working?
>> warn message = This message contains malware ($malware_name)
>> set acl_m0 = cmdline:/usr/lib/AntiVir/guard/avscan -s
>> --batch --scan-mode=all %s; /bin/echo -e \N"\navira_retval
>> $?"\N:\N^avira_retval 1$\N:\N.*ALERT: ([^;]*) ;.*\N
>> malware = *
>> log_message = This message contains malware
>> (avira:$malware_name)
Any idea, anyone?
KR,
Ralf