Re: [exim] Need help with exiscan and generic command line s…

Author: Ralf G. R. Bergs
Date:  
To: Jeremy Harris, exim-users
Subject: Re: [exim] Need help with exiscan and generic command line scanner interface
Hi.

On 2013-09-28 17:25 , Jeremy Harris wrote:
> On 22/09/13 21:15, Ralf G. R. Bergs wrote:
>> On 2013-09-22 20:09 , Jeremy Harris wrote:
>>> On 18/09/13 14:08, Ralf G. R. Bergs wrote:
>>>>>     warn  message         = This message contains malware ($malware_name)
>>>>>           set acl_m0      = cmdline:/usr/lib/AntiVir/guard/avscan -s --batch --scan-mode=all %s; /bin/echo -e \N"\navira_retval $?"\N:\N^avira_retval 1$\N:\N.*ALERT: ([^;]*) ;.*\N

>>>
>>> I suspect that just setting acl_m0 to that string doesn't do what you
>>> think. Have a look at
>>>
>>> http://exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
>>>
>>> - maybe it should be involved with the av_scanner global option,
>> Actually I do use this already -- I left it out for briefness.
>
> It's relevant. What do you have there?

I have the following:
> # Allows dynamic definition of virus scanners.
> # See vexim-acl-check-content.conf.
> av_scanner = $acl_m0

Again the following work:
>   # Reject virus infected messages.
>   # Add message to implicit X-ACL-Warn: header
>   warn  message         = This message contains malware ($malware_name)
>         set acl_m0      = cmdline:\
>                           /usr/bin/avgscan --arc %s; echo -e \N"\navg_retval $?"\N:\
>                           avg_retval 5:\
>                           \NVirus identified *(.*)$\N
>         malware         = *
>         log_message     = This message contains malware (avg:$malware_name)

>
>   # Reject virus infected messages.
>   # Add message to implicit X-ACL-Warn: header
>   warn  message         = This message contains malware ($malware_name)
>         set acl_m0      = cmdline:\
>                           /usr/local/bin/fpscan --report %s; echo -e \N"\nfprot_retval $?"\N:\
>                           fprot_retval 1:\
>                           <([^>]*)>
>         malware         = *
>         log_message     = This message contains malware (f-prot:$malware_name)

>
>   # Reject virus infected messages.
>   # Add message to implicit X-ACL-Warn: header
>   warn  message         = This message contains malware ($malware_name)
>         set acl_m0      = cmdline:\
>                           /usr/bin/antivir --allfiles -z -rs %s:\
>                           ALERT:\
>                           [[](.+)\[]]
>         malware         = *
>         log_message     = This message contains malware (antivir:$malware_name)

while the new scanner doesn't:
>   # Reject virus infected messages.
>   # Add message to implicit X-ACL-Warn: header
>   warn  message         = This message contains malware ($malware_name)
>         set acl_m0      = cmdline:/usr/lib/AntiVir/guard/avscan -s --batch --scan-mode=all %s; /bin/echo -e \N"\navira_retval $?"\N:\N^avira_retval 1$\N:\N.*ALERT: ([^;]*) ;.*\N
>         malware         = *
>         log_message     = This message contains malware (avira:$malware_name)

Thanks again for looking at it...

KR,

Ralf