[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Exim4 + ClamAV + Some Virii get through

On Tue, Aug 03, 2004 at 12:04:07PM -0700, Paul Johnson wrote:
> Hash: SHA1
> David Purton <dcpurton@chariot.net.au> writes:
> > I have a question about virus scanning at smtp time. Sadly I still
> > find Exim4 acl stuff a bit of a black art :(
> >
> > Sometimes a virus that clamav *does* already know about gets through.
> That's usually a new virus.

Not in this case - clamav does know about it - it never gets to clamav.
This is confirmed in the clamav logs
> > deny message = This message contains malformed MIME ($demime_reason)
> >   demime = *
> >   condition = ${if >{$demime_errorlevel}{2}{1}{0}}
> >
> >
> > If I understand this correctly, then it will deny any message with
> > broken mime encoding.
> >
> > 1. Will this help in my above situation?
> Possibly.  Try it and see?  Let us know what it does for you.

mmm - I tried on a test machine and it doesn't work :(

I still get the errors in exim logs for this particular mail and it gets

I just found a thread on the exiscan mailing list that deals with this
exact problem. The suggestion is the above mime recipe, so I might
fiddle around some more. Although the original poster on the exiscan
list apparently tried rejecting brokem mime stuff as well without

I'll post if I get it working.



David Purton
For the eyes of the LORD range throughout the earth to
strengthen those whose hearts are fully committed to him.
                                 2 Chronicles 16:9a

Attachment: signature.asc
Description: Digital signature

Reply to: