Jakob Hirsch wrote:
Nigel Wade wrote:
Sophos won't find a virus in an attachment whilst it's part of the
message - it needs to scan each component separately. Exiscan would
split the message into its constituent parts, each in a separate file.
This is not an "incompability", Exim just does what you tell it.
If you are happy that they are compatible
I didn't say that.
You said "This is not an incompatibility". That sounds to me like you are saying
they are compatible. What were you saying?
They may be incompatible, I don't know that (though I
doubt it), but surely not because of Exim not being able to extract
attachments for the virus scanner.
It's exactly that. How does Exim extract the attachments for the virus scanner?
I have not been able to get it to do that.
Anyway, demime is deprecated, but putting "decode = default" in the mime
acl provides similar functionality.
It doesn't provide similar functionality at all.
The spec says "The demime ACL condition provides MIME unpacking, sanity
checking and file extension blocking. It uses a simpler interface to MIME
decoding than the MIME ACL functionality, but provides no additional
facilities."
Apparently not similar enough, though.
How can you use a decode=default to scan for viruses?
The decode=default is part of the MIME ACL and the malware=*
is part of the data ACL.
The files extracted by decode=$whatever are deleted after the data acl is
run, so the virus scanner in the data acl will see the complete message
and all contained files.
In my tests the directory passed to the av_scanner did not contain the
components, only the complete message in a .eml file. I wasn't able to see the
message components in the data ACL/av_scanner.
Don't know why the spec says that demime is needed for that, probably a
relict from pre-mime_acl times.
Perhaps it is needed?
Phil or Tom (or whoever can do it), could
you check this?>
Furthermore, according to the documentation, the MIME ACL will
only unpack MIME components if the mail message contains a
MIME-Version: header. I would rather not have to rely on the
co-operation of the virus writers by requiring this
header be in the message for the virus scanning to work.
MIME-Version is a required header line for MIME messages (RFC1341 says
MUST), so messages without it are not MIME compliant.
But they may still contain a virus. RFC1341 doesn't say what the contents of a
valid virus message must contain ;-)
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : [EMAIL PROTECTED]
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
