Luca Bertoncello via Exim-users <exim-users@???> (Mi 14 Mär 2018 11:03:19 CET):
> Hi list!
>
> I see very often this message in exim paniclog:
>
> malware acl condition: avast /var/run/avast/scan.sock : invalid response
> from scanner: 'SCAN
> /var/spool/exim4/scan/1ew39J-0002Qa-4m/1ew39J-0002Qa-4m-00004|>somefile
> [E]1.0 Error 42110 The\ file\ is\ a\ decompression\ bomb'
This should result in a defer.
> It seems that I cannot disable this warning in Avast and I didn't found any
> option in Exim to disable it.
> Can someone help me?
The current implementation is quite simple and can't deal well with the
multiline responses from avast.
But … even with my fix (which gives Exim compatibility with the
Avast multiline protocol) the message would make it to your logs.
Currently I'm not decided yet how to handle such errors from Avast. As
it doesn't seem to be an operational error (like permission denied, …)
If Exim sees an error from the Avast scanner, it defers the message.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
