Bug#278488: exim4-daemon-heavy: demime appears not to work with exiscan-acl

Colin Turner <ct@piglets.com>, 278488@bugs.debian.org
Wed, 27 Oct 2004 09:33:20 +0100


Package: exim4-daemon-heavy
Version: 4.34-6
Severity: normal

I have attempted to configure virus scanning with exim4, but when I enable
the acl, all mail is deferred, even if it has no attachments.

The reject log shows something like this - specifically it mentions it cannot test demime condition.

2004-10-26 23:38:20 1CMZxM-0006ee-GE H=imladris.piglets.org [192.168.0.4] U=colin F=<ct@piglets.com> temporarily rejected during MIME ACL checks: cannot test demime condition in MIME ACL
Envelope-from: <ct@piglets.com>
Envelope-to: <ct@piglets.com>
P Received: from imladris.piglets.org ([192.168.0.4] ident=colin)
        by gondolin.piglets.org with esmtp (Exim 4.34 #1 (Debian))
        id 1CMZxM-0006ee-GE
        for <ct@piglets.com>; Tue, 26 Oct 2004 23:38:20 +0100
I Message-ID: <417ED28E.6050006@piglets.com>
  Date: Tue, 26 Oct 2004 23:41:18 +0100
F From: Colin Turner <ct@piglets.com>
  User-Agent: Mozilla Thunderbird 0.8 (X11/20040918)
  X-Accept-Language: en-us, en
  MIME-Version: 1.0
T To:  ct@piglets.com
  Subject: test mime
  X-Enigmail-Version: 0.86.1.0
  X-Enigmail-Supports: pgp-inline, pgp-mime
  Content-Type: text/plain; charset=ISO-8859-1; format=flowed
  Content-Transfer-Encoding: 7bit

I tried to search for that string in the exiscan patch and can't find it. I've checked
the virus scanner is working and that the scan directory exists and has appropriate
permissions.

drwxr-x---   2 Debian-exim Debian-exim  4096 May 31 00:16 db
-r--------   1 Debian-exim Debian-exim   356 May 31 00:23 gnutls-params
drwxr-x---   2 Debian-exim Debian-exim 77824 Oct 27 09:30 input
drwxr-x---   2 Debian-exim Debian-exim 32768 Oct 27 09:30 msglog
drwxr-x---   2 Debian-exim Debian-exim  4096 Oct 26 23:47 scan

I have read the official exim manual on ACLs, and my config file is here (abridged slightly).

#
# Setup for virus scanning
#
av_scanner = clamd:/var/run/clamav/clamd.ctl
#
# Commenting the following line disables the mime scanning ACL
#
acl_smtp_mime = my_mime_acl

[..]

begin acl

#
# This ACL is called for decoding and scanning MIME attachments
#
my_mime_acl:

# For testing at least, we shall scan outgoing attachments
# accept  hosts = 127.0.0.1:+relay_from_hosts
#

# Unpack MIME containers and reject file extensions
# used by worms. Note that the extension list may be
# incomplete.
  deny  message = $found_extension files are not accepted here
        demime = com:vbs:bat:pif:scr

# Reject messages that have serious MIME errors.
# This calls the demime condition again, but it
# will return cached results.
  deny  message = Serious MIME defect detected ($demime_reason)
        demime = *
        condition = ${if >{$demime_errorlevel}{2}{1}{0}}

# Reject messages containing malware.
  deny message = This message contains malware ($malware_name)
       malware = *
     
# Reject spam messages. Remember to tweak your
# site-wide SA profile. Do not spam-scan messages
# larger than eighty kilobytes.
#deny message = Classified as spam (score $spam_score)
#     condition = ${if <{$message_size}{80k}{1}{0}}
#     spam = nobody
     
# Finally accept all other messages that have
# made it to this point
accept

Sorry if it's a configuration error, but I'm at a loss. It might be worth noting this configuration
is upgraded from exim3, but otherwise works very well.

CT.


-- Package-specific info:
Exim version 4.34 #1 built 11-Sep-2004 12:28:23
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (May 26, 2004)
Support for: iconv() IPv6 PAM Perl GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Contains exiscan-acl patch revision 21 (c) Tom Kistner [http://duncanthrax.net/exiscan/]
Configuration file is /etc/exim4/exim4.conf
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype='exim3manual'
dc_other_hostnames='piglets.com:piglets.org:lists.piglets.com:aikidoinireland.org:www.aikidoinireland.org:mobile.piglets.com:thog.piglets.com'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='192.168.0.4'
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='false'
mailname:gondolin.piglets.org

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.25
Locale: LANG=C, LC_CTYPE=C

Versions of packages exim4-daemon-heavy depends on:
ii  exim4-base                  4.34-6       EXperimental Internal Mailer -- a 
ii  libc6                       2.3.2.ds1-18 GNU C Library: Shared libraries an
ii  libdb3                      3.2.9-20     Berkeley v3 Database Libraries [ru
ii  libgnutls11                 1.0.16-9     GNU TLS library - runtime library
ii  libldap2                    2.1.30-3     OpenLDAP libraries
ii  libmysqlclient10            3.23.56-2    LGPL-licensed client library for M
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
ii  libpcre3                    4.5-1.1      Perl 5 Compatible Regular Expressi
ii  libperl5.8                  5.8.4-2.3    Shared Perl library
ii  libpq3                      7.4.5-3      Shared library libpq.so.3 for Post

-- no debconf information
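
A triage aid for the symptom reported above, added here as an example and not part of the original report or of Exim: it parses reject-log lines of the form quoted in the report and separates deferrals where an ACL could not evaluate one of its own conditions (a configuration fault that defers every message) from other deferrals. The function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Reject-log main line, in the format quoted in the report above.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
    r"(?P<fields>.*?) temporarily rejected during (?P<phase>\S+) ACL checks: "
    r"(?P<reason>.*)$")
# The ACL could not evaluate a condition: a config fault, not a message verdict.
CONFIG_RE = re.compile(r"^cannot test (?P<cond>\S+) condition in (?P<acl>.+) ACL$")

def parse_deferral(line):
    """Return a dict for a temporary-rejection line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    fields = rec.pop("fields")
    for key, name in (("H", "host"), ("U", "ident"), ("F", "sender")):
        fm = re.search(r"(?:^| )%s=(\S+)" % key, fields)
        rec[name] = fm.group(1) if fm else None
    cm = CONFIG_RE.match(rec["reason"])
    rec["config_error"] = bool(cm)
    rec["condition"] = cm.group("cond") if cm else None
    return rec

def summarize(lines):
    """Count configuration-fault deferrals per (ACL phase, condition)."""
    counts = Counter()
    for line in lines:
        rec = parse_deferral(line)
        if rec and rec["config_error"]:
            counts[(rec["phase"], rec["condition"])] += 1
    return counts

SAMPLE = [
    # Line from the report above.
    "2004-10-26 23:38:20 1CMZxM-0006ee-GE H=imladris.piglets.org [192.168.0.4] "
    "U=colin F=<ct@piglets.com> temporarily rejected during MIME ACL checks: "
    "cannot test demime condition in MIME ACL",
    # Constructed lines (not from the report).
    "2004-10-26 23:40:02 1CMZzA-0006fQ-2b H=host.example [192.0.2.7] "
    "F=<a@example.org> temporarily rejected during MIME ACL checks: "
    "cannot test demime condition in MIME ACL",
    "2004-10-26 23:41:10 1CMa0B-0006g1-Xy H=host.example [192.0.2.7] "
    "F=<b@example.org> temporarily rejected during MIME ACL checks: "
    "constructed placeholder reason",
]

if __name__ == "__main__":
    for (phase, cond), n in summarize(SAMPLE).items():
        print(f"{n} deferral(s): {phase} ACL cannot test '{cond}'")
```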