Bug#278488: FW: Bug 278488: demime appears not to work with exiscan-acl
Adam D. Barratt
"Adam D. Barratt" <debian-bts@adam-barratt.org.uk>, 278488@bugs.debian.org
Wed, 27 Oct 2004 14:12:39 +0100
Hi,
Colin: Please include NNNNNN@bugs.debian.org when replying, that way the BTS
and maintainers get copies of the mail as well. (I've attached a copy of
your mail).
Marc/Andreas: I'm assuming this could be closed as due to user error?
Regards,
Adam
Date: Wed, 27 Oct 2004 11:47:36 +0100
From: Colin Turner <ct@piglets.com>
Subject: Re: Bug#278488: exim4-daemon-heavy: demime appears not to work with
exiscan-acl
Hi,
Adam D. Barratt wrote:
| It says something rather more specific, namely: "temporarily rejected during
| MIME ACL checks: cannot test demime condition in MIME ACL".
|
| You're mixing "old-style" and "new-style" exiscan functionality. "demime" is
| old-style, and belongs in the DATA ACL. The MIME ACL is new-style and
| introduces a number of new variables and conditions - see
| URL:http://duncanthrax.net/exiscan-acl/exiscan-acl-spec.txt for further
| information.
Wow, thanks. I read that document completely (before filing the
bugreport) and that still wasn't clear to me at all...
Anyway, I have it fixed now (and working!). For anyone in the same
position, I had to

  adduser clamav Debian-exim
  /etc/init.d/clamav-daemon restart

so the daemon could access the decoded files, and amended my config
like so:
begin acl
#
# This ACL is called for decoding and scanning MIME attachments
#
my_mime_acl:
  require decode = default
  accept
#
# ACL that is used after the DATA command
#
check_message:
# For testing at least, we shall scan outgoing attachments
# accept hosts = 127.0.0.1:+relay_from_hosts
#
# Unpack MIME containers and reject file extensions
# used by worms. Note that the extension list may be
# incomplete.
  deny message = $found_extension files are not accepted here
       demime = com:vbs:bat:pif:scr
# Reject messages containing malware.
  deny message = This message contains malware ($malware_name)
       demime = *
       malware = */defer_ok
# Finally accept all other messages that have
# made it to this point
  accept
Thanks for the help! Sorry to have misunderstood...
CT.
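A configuration check for the mistake discussed in this thread, added here as an example and not taken from the thread or from the Exim or exiscan-acl projects: it reports `demime` conditions placed in the ACL named by `acl_smtp_mime`. The sample configurations are constructed, `parse` and `misplaced_old_style` are hypothetical helper names, and the parser assumes one condition per line with no macros, includes or continuation lines.

```python
import re

OLD_STYLE = {"demime"}  # old-style exiscan condition: DATA ACL only, per the thread
VERBS = {"accept", "defer", "deny", "discard", "drop", "require", "warn"}

def parse(config):
    """Return (main_options, acls); acls maps name -> [(lineno, condition), ...]."""
    options, acls, section, current = {}, {}, "main", None
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.match(r"begin\s+(\w+)$", line):
            section, current = m.group(1), None
        elif section == "main":
            if m := re.match(r"(\w+)\s*=\s*(.+)$", line):
                options[m.group(1)] = m.group(2)
        elif section == "acl":
            if m := re.match(r"(\w+):$", line):      # "name:" starts a new ACL
                current = m.group(1)
                acls[current] = []
            elif current:
                # Drop a leading verb, then take the word before "=" as the condition.
                rest = re.sub(r"^(?:%s)\b\s*" % "|".join(VERBS), "", line)
                if m := re.match(r"!?\s*(\w+)\s*=", rest):
                    acls[current].append((lineno, m.group(1)))
    return options, acls

def misplaced_old_style(config):
    """List (acl, lineno, condition) for old-style conditions in the MIME ACL."""
    options, acls = parse(config)
    mime_acl = options.get("acl_smtp_mime")
    return [(mime_acl, n, c) for n, c in acls.get(mime_acl, []) if c in OLD_STYLE]

# Constructed samples (not from the thread); acl_smtp_mime/acl_smtp_data select the ACLs.
HEAD = "acl_smtp_mime = my_mime_acl\nacl_smtp_data = check_message\nbegin acl\n"
DENY = ("  deny message = $found_extension files are not accepted here\n"
        "       demime = com:vbs:bat:pif:scr\n")
# demime in the MIME ACL: the misconfiguration behind the quoted rejection.
BROKEN = HEAD + "my_mime_acl:\n" + DENY + "  accept\ncheck_message:\n  accept\n"
# demime moved to the DATA ACL, as in the working configuration above.
FIXED = (HEAD + "my_mime_acl:\n  require decode = default\n  accept\n"
         "check_message:\n" + DENY + "  accept\n")

if __name__ == "__main__":
    print("broken:", misplaced_old_style(BROKEN))
    print("fixed: ", misplaced_old_style(FIXED))
```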