Re: [exim] Need help with exiscan and generic command line s…

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Need help with exiscan and generic command line scanner interface
On 30/09/13 09:27, Ralf G. R. Bergs wrote:
> Hi.
>
> On 2013-09-28 17:25 , Jeremy Harris wrote:
>> On 22/09/13 21:15, Ralf G. R. Bergs wrote:
>>> On 2013-09-22 20:09 , Jeremy Harris wrote:
>>>> On 18/09/13 14:08, Ralf G. R. Bergs wrote:
>>>>>>      warn  message         = This message contains malware
>>>>>> ($malware_name)
>>>>>>            set acl_m0      = cmdline:/usr/lib/AntiVir/guard/avscan -s
>>>>>> --batch --scan-mode=all %s; /bin/echo -e \N"\navira_retval
>>>>>> $?"\N:\N^avira_retval 1$\N:\N.*ALERT: ([^;]*) ;.*\N

>>>>
>>>> I suspect that just setting acl_m0 to that string doesn't do what you
>>>> think. Have a look at
>>>>
>>>> http://exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html
>>>>
>>>>
>>>>
>>>> - maybe it should be involved with the av_scanner global option,
>>> Actually I do use this already -- I left it out for briefness.
>>
>> It's relevant. What do you have there?
> I have the following:
>> # Allows dynamic definition of virus scanners.
>> # See vexim-acl-check-content.conf.
>> av_scanner = $acl_m0


> while the new scanner doesn't [work]:


>>    # Reject virus infected messages.
>>    # Add message to implicit X-ACL-Warn: header
>>    warn  message         = This message contains malware ($malware_name)
>>          set acl_m0      = cmdline:/usr/lib/AntiVir/guard/avscan -s
>> --batch --scan-mode=all %s; /bin/echo -e \N"\navira_retval
>> $?"\N:\N^avira_retval 1$\N:\N.*ALERT: ([^;]*) ;.*\N
>>          malware         = *
>>          log_message     = This message contains malware
>> (avira:$malware_name)


Doe it not run the scanner, not trigger, or not extract the malware
name?

If the 2nd or 3rd, can you manually grep the output with your pattern?

-- 
Cheers,
    Jeremy