Re: [exim] ClamAV changes needing testing

Mon, 14 Jun 2010 03:49:58 -0700 

On Sat, 5 Jun 2010, Phil Pennock wrote:

> Folks,
>
> There's an upcoming change to ClamAV, to remove the scanning API which
> released versions of Exim use.  I don't know the current schedule for
> that, but when we last checked, on bug 926, it was set for the middle of
> 2010.  *cough*
>
> I've committed to CVS my patches to switch Exim to the new scanning API
> and clean up some of that code.  This code could *really* do with some
> enthusiastic stress-testing by volunteers.  To make it easier to test,
> if you're an admin user then you get to use the new command-line option,
> -bmalware, which takes a filename and subjects that file to Exim's
> malware scanning, whatever that might be.
>
> If anyone feels like grabbing the code from HEAD in CVS and giving it a
> whirl and reporting back success after 1 day and 1 week (or failure if
> comes sooner), I'd appreciate it.  Thanks.

Hmm.
I run two malware scanners (ClamAV as daemon first, then NAI/McAfee 
uvscan in commandline mode).
Early in my exim config I have
# Declare the antivirus / malware setup
av_scanner = $acl_m0

then my acl_smtp_data ACL includes these rules for the wto malware 
scanners:

   # Reject messages containing malware (viruses etc.).
   # separate rule for each virus scanner
   #    log which scanner caught it but don't include this in rejection message
   #
   deny message = This message contains malware ($malware_name) (ClamAV)
        log_message = This message contains malware ClamAV $malware_name
         set acl_m0 = clamd:/var/run/clamav/clamd.sock
        malware = *
   #
   deny message = This message contains malware ($malware_name)
        log_message = This message contains malware NAI uvscan $malware_name
        set acl_m0 = NAIscanner_command
        malware = *
   #

With the CVS head (taken yesterday morning) this fails, eg
# /usr/sbin/exim.clamavtest -C /etc/exim/config.moa-new.clamav -bmalware 
/etc/motd
2010-06-14 11:42:27 dummy-1345573678 malware acl condition: av_scanner 
configuration variable is empty
Malware lookup returned non-okay/fail: 1

Would you want more detailed logging ?

-- 
Dr. Andrew C. Aitchison         Computer Officer, DPMMS, Cambridge
[email protected]   http://www.dpmms.cam.ac.uk/~werdna

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to