Just back from holiday and found this in the first pile of mail I looked at...
Nigel.

Begin forwarded message:

> Date: 26 October 2006 09:08:41 BDT
> To: [EMAIL PROTECTED]
> Subject: Issue with Exim and Sophos
>
>
> Hello,
>
> We started having enquiries from customers who are using the Exim MTA in
> conjunction with Sophos for the purpose of mail scanning.
>
> The issue that they are seeing is that every file that they scan is found
> to be viral. This seems to be due to a script in Exim designed to show
> when a virus has been found when scanning a file, by matching the string
> 'found' in the output from SWEEP.
>
> For example:
>
> Virus 'W32/Magistr-B' found in file ./example.sh
>
> On the 24th of this month we released an IDE file called 'Foundu-a.ide'
> which obviously contains the string 'found'.
> When 'sweep' scans a file it first loads the virus data and IDE files,
> which are listed. This means that the script in Exim which is looking for
> the string 'found' will always succeed, meaning that every single file that
> is scanned will be declared as viral.
>
> We have been recommending to customers that they should modify the Exim
> script to scan for the string 'found ' (please note the space in this
> string), or for 'found in'.
> However, I was wondering if this is something that could be added to the
> FAQ (or another appropriate area on the Exim website) that we can point
> Exim users to?
>
> Customers using the Sophie daemon to interface with Sophos should not be
> affected by this issue as the virus data and IDEs are only loaded once, and
> so the names of the IDEs are not included in the output that it produces.
>
> If you have any questions, or would like to discuss this issue further
> please feel free to contact me.
>
> Kind regards
>
> Ben Jupp

--
[ Nigel Metheringham [EMAIL PROTECTED] ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
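The false positive described in the forwarded message, reproduced as an added example (not part of the original message, and not Exim or Sophos code). The scanner output is constructed, the IDE listing layout and the case-insensitive matching are assumptions, and the anchored `STRICT` pattern goes one step beyond the 'found in' workaround the message recommends.

```python
import re

# Constructed scanner output, not captured from a real run. The IDE listing
# layout is an assumption; the "Virus ..." line copies the message's example.
CLEAN_SCAN = (
    "Loading IDE file: Foundu-a.ide\n"
    "Scanned: ./example.sh\n"
)
INFECTED_SCAN = CLEAN_SCAN + "Virus 'W32/Magistr-B' found in file ./example.sh\n"

# Trigger as described in the message: the bare string 'found'.
# Case-insensitive matching is assumed here so that 'Foundu-a.ide' matches.
WEAK = re.compile(r"found", re.IGNORECASE)

# Workaround recommended in the message: 'found in'.
WORKAROUND = re.compile(r"found in", re.IGNORECASE)

# Stricter variant (an addition, not from the message): match the whole
# report line and capture the virus name and the file path.
STRICT = re.compile(r"^Virus '([^']+)' found in file (.+)$", re.MULTILINE)


def is_flagged(pattern, output):
    """Return True if the trigger pattern occurs anywhere in the output."""
    return pattern.search(output) is not None


def detections(output):
    """Return (virus_name, file_path) pairs from full report lines only."""
    return [(m.group(1), m.group(2)) for m in STRICT.finditer(output)]


if __name__ == "__main__":
    for label, out in (("clean", CLEAN_SCAN), ("infected", INFECTED_SCAN)):
        print(label, is_flagged(WEAK, out), is_flagged(WORKAROUND, out),
              detections(out))
```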
