Re: [exim] Need help with exiscan and generic command line s…

Top Page
Delete this message
Reply to this message
Author: Ralf G. R. Bergs
Date:  
To: Jeremy Harris, exim-users
Subject: Re: [exim] Need help with exiscan and generic command line scanner interface
Hi Jeremy.

Sorry for the long delay in getting back to you. I was sick for a couple
of days, and then I was too busy to work on this...

On 2013-09-30 21:49 , Jeremy Harris wrote:
> On 30/09/13 09:27, Ralf G. R. Bergs wrote:
>> I have the following:
>>> # Allows dynamic definition of virus scanners.
>>> # See vexim-acl-check-content.conf.
>>> av_scanner = $acl_m0
>
>> while the new scanner doesn't [work]:
>
>>>    # Reject virus infected messages.
>>>    # Add message to implicit X-ACL-Warn: header
>>>    warn  message         = This message contains malware
>>> ($malware_name)
>>>          set acl_m0      = cmdline:/usr/lib/AntiVir/guard/avscan -s
>>> --batch --scan-mode=all %s; /bin/echo -e \N"\navira_retval
>>> $?"\N:\N^avira_retval 1$\N:\N.*ALERT: ([^;]*) ;.*\N
>>>          malware         = *
>>>          log_message     = This message contains malware
>>> (avira:$malware_name)

>
> Doe it not run the scanner, not trigger, or not extract the malware
> name?

As it turned out it didn't run the scanner (not sure why since I tweaked
a couple of things, but eventually it was a permission problem w/ the
quarantine directory).

Anyway, as I now found out (since I intentionally specified a
non-existing scanner) even if I specify a non-existing cmdline scanner
Exim will /not/ log this.

Can this please be investigated and fixed?
> If the 2nd or 3rd, can you manually grep the output with your pattern?

I'm now at a point where it triggers, but the malware name is still
wrong. I'm confident that I will fix this soon.

Thanks for your help so far.

KR,

Ralf