Hi guys.

I can't figure out what's going wrong with my below config snippet to make my Debian version of Exim 4.80 use Avira AntiVirus 3.1 as a generic command line virus scanner:

> warn message = This message contains malware ($malware_name)
> set acl_m0 = cmdline:/usr/lib/AntiVir/guard/avscan -s
> --batch --scan-mode=all %s; /bin/echo -e \N"\navira_retval
> $?"\N:\N^avira_retval 1$\N:\N.*ALERT: ([^;]*) ;.*\N
> malware = *
> log_message = This message contains malware
> (avira:$malware_name)

When I manually invoke the command line scanner I get the following output:

> # /usr/lib/AntiVir/guard/avscan -s --batch --scan-mode=all eicar.com.txt
> Avira AntiVir Personal (ondemand scanner)
> Copyright (C) 2010 by Avira GmbH.
> All rights reserved.
>
> SAVAPI-Version: 3.1.1.8, AVE-Version: 8.2.12.120
> VDF-Version: 7.11.102.248 created 20130918
>
> AntiVir license: 0000XXXXXX
>
> Info: automatically excluding /sys/ from scan (special fs)
> Info: automatically excluding /proc/ from scan (special fs)
> Info: automatically excluding /var/lib/antivir/quarantine/ from scan
> (quarantine)
>
> file: /root/work/eicar.com.txt
> last modified on date: 2013-09-18 time: 10:50:02, size: 68 bytes
> ALERT: Eicar-Test-Signature ; virus ; Contains code of the
> Eicar-Test-Signature virus
> ALERT-URL: http://www.avira.com/en/threats?q=Eicar%2DTest%2DSignature
> no action taken
>
> ------ scan results ------
> directories: 0
> scanned files: 1
> alerts: 1
> suspicious: 0
> repaired: 0
> deleted: 0
> renamed: 0
> moved: 0
> scan time: 00:00:01
> --------------------------

Below is the list of codes Avira possibly returns. When I launched the above test with the EICAR dummy virus I indeed got a result code of 1:

> list of return codes:
> 0: Normal program termination, nothing found, no error
> 1: Found concerning file
> 3: Suspicious file found
> 4: Warnings were issued
> 255: Internal error
> 254: Configuration error (invalid parameter in command-line
> or configuration file)
> 253: Error while preparing on-demand scan
> 252: The avguard daemon is not running
> 251: The avguard daemon is not accessible
> 250: Cannot initialize scan process
> 249: Scan process not completed
> 248: No valid license found
> 211: Program aborted, because the self check failed

This is the virus scanner version:

> # /usr/lib/AntiVir/guard/avscan --version
> product kind: Avira AntiVir Personal (ondemand scanner)
> product version: 3.1.3.5
> VDF version: 7.11.102.248
> VDF date: 2013-09-18
> AVE version: 8.2.12.120
> operating system: Linux 3.2.0-4-amd64 x86_64
> binary target: linux_glibc22
> The program is running in fully functional mode.

Debian version:

> # cat /etc/debian_version
> 7.1

I've been fiddling with this for almost 2 hours now and can't figure out what's going wrong... :-(

I'm already using a couple of command line scanners as follows which are all working fine (which I can tell from Exim's mainlog, they all trigger on the EICAR dummy virus):

> warn message = This message contains malware ($malware_name)
> set acl_m0 = cmdline:\
> /usr/bin/avgscan --arc %s; echo -e
> \N"\navg_retval $?"\N:\
> avg_retval 5:\
> \NVirus identified *(.*)$\N
> malware = *
> log_message = This message contains malware
> (avg:$malware_name)
> warn message = This message contains malware ($malware_name)
> set acl_m0 = cmdline:\
> /usr/local/bin/fpscan --report %s; echo -e
> \N"\nfprot_retval $?"\N:\
> fprot_retval 1:\
> <([^>]*)>
> malware = *
> log_message = This message contains malware
> (f-prot:$malware_name)
> warn message = This message contains malware ($malware_name)
> set acl_m0 = cmdline:\
> /usr/bin/antivir --allfiles -z -rs %s:\
> ALERT:\
> [[](.+)\[]]
> malware = *
> log_message = This message contains malware
> (antivir:$malware_name)

I'm sure I'm missing s/t obvious, but it's been ages since I was really "fluent speaking Exim", so your help would be much appreciated.

Thank you!

KR,
Ralf
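
An added example, not part of the original post and not Exim's own code: a small Python model of Exim's colon-separated list splitting (a doubled colon stands for a literal colon), applied to the posted Avira value and checked against lines from the scanner output quoted above. The names `split_exim_list` and `evaluate` are hypothetical, Python's `re` stands in for PCRE, and the value is assumed to reach the scanner interface with the `\N` markers already removed by string expansion.

```python
import re

def split_exim_list(value, sep=":"):
    """Model of Exim's default list splitting: a single colon separates items,
    a doubled colon is a literal colon, surrounding whitespace is dropped."""
    items, cur, i = [], [], 0
    while i < len(value):
        if value[i] == sep:
            if value[i + 1:i + 2] == sep:   # "::" -> literal ":"
                cur.append(sep)
                i += 2
                continue
            items.append("".join(cur).strip())
            cur = []
        else:
            cur.append(value[i])
        i += 1
    items.append("".join(cur).strip())
    return items

# The posted Avira value with the \N markers removed (assumption, see lead-in).
POSTED = (r'cmdline:/usr/lib/AntiVir/guard/avscan -s --batch --scan-mode=all %s; '
          r'/bin/echo -e "\navira_retval $?":^avira_retval 1$:.*ALERT: ([^;]*) ;.*')
# Same value with the colon inside the name expression doubled.
DOUBLED = POSTED.replace("ALERT: ", "ALERT:: ")

# Constructed sample: two lines from the quoted scan plus the appended echo line.
SCAN_OUTPUT = """\
ALERT: Eicar-Test-Signature ; virus ; Contains code of the
ALERT-URL: http://www.avira.com/en/threats?q=Eicar%2DTest%2DSignature
avira_retval 1
"""

def evaluate(av_scanner):
    """Return (list items, trigger matched?, captured name or None)."""
    items = split_exim_list(av_scanner)
    trigger, name_re = items[2], items[3]   # items after scanner type and command
    lines = SCAN_OUTPUT.splitlines()
    triggered = any(re.search(trigger, line) for line in lines)
    name = None
    for line in lines:
        m = re.search(name_re, line)
        if m:
            name = m.group(1) if m.re.groups else None
            break
    return items, triggered, name

for label, value in (("posted", POSTED), ("doubled colon", DOUBLED)):
    print(label, evaluate(value))
```

In this model the posted value splits into five items, so the name expression is cut at the colon after `ALERT` and carries no capture group, while the doubled-colon variant keeps the full expression and captures the signature name.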
