
Re: Exim4 + ClamAV + Some Virii get through



On Tuesday 03 August 2004 08:12, David Purton wrote:
> On Tue, Aug 03, 2004 at 07:27:39AM +0100, Alan Chandler wrote:
> > On Tuesday 03 August 2004 02:25, David Purton wrote:
> > ...
> >
> > > It offers these lines, which might help in
> > > /etc/exim4/conf.d/acl/40_exim4-config_check_data:
> > >
> > >
> > > deny message = This message contains malformed MIME ($demime_reason)
> > >   demime = *
> > >   condition = ${if >{$demime_errorlevel}{2}{1}{0}}
> >
> > This needs exim4-heavy to be installed which includes a patch to connect
> > to virus checkers.
> >
> > You also need
>
> <SNIP>
>
> Yeah - this is all fine - sorry perhaps my original email was not clear.
> It all works fine - Normally Virus block and spam blocking occurs
> without a hitch.
>
> It's only on these special occasions where exim seems unable to properly
> extract the Virus to pass to clamav due to what I assume is deliberate
> breaking of the way the Virus is attached.
>
> So my question is will the above rule block this sort of message
> and will it block any legitimate messages?

At this point in the processing of the DATA ACL the deny rule kicks in and no 
more of the ACL should be processed.  The call to clamav in the ruleset I 
attached was after this point, and so it should not be called for this 
message.  Instead at this point exim creates the bounce message to send and 
stops further attempts at receiving this one.




-- 
Alan Chandler
alan@chandlerfamily.org.uk
First they ignore you, then they laugh at you,
 then they fight you, then you win. --Gandhi
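
The rule order described in the message above, as an added example that is not part of the original post or of the ruleset Alan attached: the malformed-MIME deny quoted in the thread, placed ahead of a malware deny. The `malware = *` rule, its message text and the closing `accept` are assumptions written in exiscan-acl syntax.

```exim
# Added illustration: fragment of the DATA ACL in
# /etc/exim4/conf.d/acl/40_exim4-config_check_data

  # 1. Malformed MIME check (the rule quoted in the thread). If demime
  #    reports an error level above 2, this deny matches and processing
  #    of the ACL ends here with a rejection.
  deny message = This message contains malformed MIME ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}

  # 2. Malware scan (assumed rule, exiscan-acl syntax). Only reached by
  #    messages that did not match rule 1, so ClamAV is not called for a
  #    message already rejected as malformed.
  deny message = This message contains a virus ($malware_name)
    malware = *

  # 3. Anything that passed both checks is accepted (assumed).
  accept
```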


