Dennis Davis wrote:
On Thu, 1 Dec 2005, Nigel Wade wrote:


From: Nigel Wade <[EMAIL PROTECTED]>
To: Exim users list <[email protected]>
Date: Thu, 01 Dec 2005 15:27:59 +0000
Subject: Re: [exim] How to debug malware


...


My mime ACL was incorrect, and it was not performing the
decode = default. Now that I've fixed it as above it does the required
action of decoding the mime parts. When the data acl is actioned,
and the av_scanner is run, the decoded mime parts are all there
in separate files in the directory which is passed to the
av_scanner. Sophos sweep will now happily detect viruses both in
the entire message, and in the decoded parts.

Thanks for supplying the correct syntax of the mime ACL.


In an earlier message you said:


Sorry, I forgot to add that the av_scanner is:

av_scanner = cmdline:\
             /usr/local/bin/sweep -ss -all -rec -archive %s:\
             found:'(.+)


Note that Sophos sweep *won't* do any mime decoding unless you tell
it to.  So change the above to:

av_scanner = cmdline:\
               /usr/local/bin/sweep -ss -all -rec -archive -mime %s:\
               found:'(.+)

and try again.  You may well find you don't need your mime ACL.

It's *very* easy to miss this.  It isn't documented in the manual
page for Sophos sweep and the example in the exim specification
doesn't include it.  You only find it out by typing something like
"sweep --help" to get a list of the options.

Thanks, I've already done this, someone mailed me off-list to tell me about this option.



--
Nigel Wade, System Administrator, Space Plasma Physics Group,
            University of Leicester, Leicester, LE1 7RH, UK
E-mail :    [EMAIL PROTECTED]
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
