Bug#278488: marked as done (exim4-daemon-heavy: demime appears not to work with exiscan-acl)

Fri, 29 Oct 2004 06:03:10 -0700

Your message dated Fri, 29 Oct 2004 14:47:22 +0200
with message-id <20041029124722.GD2682@torres.ka0.zugschlus.de>
and subject line Bug#278488: FW: Bug 278488: demime appears not to work with exiscan-acl
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Oct 2004 08:34:30 +0000
>From colin@gondolin.piglets.org Wed Oct 27 01:34:30 2004
Return-path: <colin@gondolin.piglets.org>
Received: from 82-69-6-64.dsl.in-addr.zen.co.uk (gondolin.piglets.org) [82.69.6.64] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CMjGI-00083D-00; Wed, 27 Oct 2004 01:34:30 -0700
Received: from colin by gondolin.piglets.org with local (Exim 4.34 #1 (Debian))
	id 1CMjFN-0004FF-QX; Wed, 27 Oct 2004 09:33:33 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Colin Turner <ct@piglets.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: exim4-daemon-heavy: demime appears not to work with exiscan-acl
X-Mailer: reportbug 2.63
Date: Wed, 27 Oct 2004 09:33:20 +0100
Message-Id: <E1CMjFN-0004FF-QX@gondolin.piglets.org>
Sender: Colin Turner <colin@gondolin.piglets.org>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: exim4-daemon-heavy
Version: 4.34-6
Severity: normal

I have attempted to configure virus scanning with exim4, but when I enable
the acl, all mail is deferred, even if it has no attachments.

The reject log shows something like this - specifically it mentions it cannot test demime condition.

2004-10-26 23:38:20 1CMZxM-0006ee-GE H=imladris.piglets.org [192.168.0.4] U=col\in F=<ct@piglets.com> temporarily rejected during MIME ACL checks: cannot test \demime condition in MIME ACL
Envelope-from: <ct@piglets.com>
Envelope-to: <ct@piglets.com>
P Received: from imladris.piglets.org ([192.168.0.4] ident=colin)
        by gondolin.piglets.org with esmtp (Exim 4.34 #1 (Debian))
        id 1CMZxM-0006ee-GE
        for <ct@piglets.com>; Tue, 26 Oct 2004 23:38:20 +0100
I Message-ID: <417ED28E.6050006@piglets.com>
  Date: Tue, 26 Oct 2004 23:41:18 +0100
F From: Colin Turner <ct@piglets.com>
  User-Agent: Mozilla Thunderbird 0.8 (X11/20040918)
  X-Accept-Language: en-us, en
  MIME-Version: 1.0
T To:  ct@piglets.com
  Subject: test mime
  X-Enigmail-Version: 0.86.1.0
  X-Enigmail-Supports: pgp-inline, pgp-mime
  Content-Type: text/plain; charset=ISO-8859-1; format=flowed
  Content-Transfer-Encoding: 7bit

I tried to search for that string in the exiscan patch and can't find it. I've checked
the virus scanner is working and that the scan directory exists and has appropriate
permissions.

drwxr-x---   2 Debian-exim Debian-exim  4096 May 31 00:16 db
-r--------   1 Debian-exim Debian-exim   356 May 31 00:23 gnutls-params
drwxr-x---   2 Debian-exim Debian-exim 77824 Oct 27 09:30 input
drwxr-x---   2 Debian-exim Debian-exim 32768 Oct 27 09:30 msglog
drwxr-x---   2 Debian-exim Debian-exim  4096 Oct 26 23:47 scan

I have read the official exim manual on ACLs, and my config file is here (abridged slightly).

#
# Setup for virus scanning
#
av_scanner = clamd:/var/run/clamav/clamd.ctl
#
# Commenting the following line disables the mime scanning ACL
#
acl_smtp_mime = my_mime_acl

[..]

begin acl

#
# This ACL is called for decoding and scanning MIME attachments
#
my_mime_acl:

# For testing at least, we shall scan outgoing attachments
# accept  hosts = 127.0.0.1:+relay_from_hosts
#

# Unpack MIME containers and reject file extensions
# used by worms. Note that the extension list may be
# incomplete.
  deny  message = $found_extension files are not accepted here
        demime = com:vbs:bat:pif:scr

# Reject messages that have serious MIME errors.
# This calls the demime condition again, but it
# will return cached results.
  deny  message = Serious MIME defect detected ($demime_reason)
        demime = *
        condition = ${if >{$demime_errorlevel}{2}{1}{0}}

# Reject messages containing malware.
  deny message = This message contains malware ($malware_name)
       malware = *

# Reject spam messages. Remember to tweak your
# site-wide SA profile. Do not spam-scan messages
# larger than eighty kilobytes.
#deny message = Classified as spam (score $spam_score)
#     condition = ${if <{$message_size}{80k}{1}{0}}
#     spam = nobody

# Finally accept all other messages that have
# made it to this point
accept

Sorry if it's a configuration error, but I'm at a loss. It might be worth noting this configuration
is upgraded from exim3, but otherwise works very well.

CT.

-- Package-specific info:
Exim version 4.34 #1 built 11-Sep-2004 12:28:23
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (May 26, 2004)
Support for: iconv() IPv6 PAM Perl GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Contains exiscan-acl patch revision 21 (c) Tom Kistner [http://duncanthrax.net/exiscan/]
Configuration file is /etc/exim4/exim4.conf
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype='exim3manual'
dc_other_hostnames='piglets.com:piglets.org:lists.piglets.com:aikidoinireland.org:www.aikidoinireland.org:mobile.piglets.com:thog.piglets.com'
dc_local_interfaces=''
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='192.168.0.4'
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='false'
mailname:gondolin.piglets.org

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.25
Locale: LANG=C, LC_CTYPE=C

Versions of packages exim4-daemon-heavy depends on:
ii  exim4-base                  4.34-6       EXperimental Internal Mailer -- a 
ii  libc6                       2.3.2.ds1-18 GNU C Library: Shared libraries an
ii  libdb3                      3.2.9-20     Berkeley v3 Database Libraries [ru
ii  libgnutls11                 1.0.16-9     GNU TLS library - runtime library
ii  libldap2                    2.1.30-3     OpenLDAP libraries
ii  libmysqlclient10            3.23.56-2    LGPL-licensed client library for M
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
ii  libpcre3                    4.5-1.1      Perl 5 Compatible Regular Expressi
ii  libperl5.8                  5.8.4-2.3    Shared Perl library
ii  libpq3                      7.4.5-3      Shared library libpq.so.3 for Post

-- no debconf information

---------------------------------------
Received: (at 278488-done) by bugs.debian.org; 29 Oct 2004 12:47:25 +0000
>From mh+debian-packages@zugschlus.de Fri Oct 29 05:47:25 2004
Return-path: <mh+debian-packages@zugschlus.de>
Received: from dccbd.unt0.7o9.ka0.zugschlus.de (torres.ka0.zugschlus.de) [212.126.220.203] (Debian-exim)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CNWA9-0008KW-00; Fri, 29 Oct 2004 05:47:25 -0700
Received: from mh by torres.ka0.zugschlus.de with local (Exim 4.41)
	id 1CNWA6-0000u8-Rh; Fri, 29 Oct 2004 14:47:22 +0200
Date: Fri, 29 Oct 2004 14:47:22 +0200
From: Marc Haber <mh+debian-packages@zugschlus.de>
To: "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>,
	278488-done@bugs.debian.org
Subject: Re: Bug#278488: FW: Bug 278488: demime appears not to work with exiscan-acl
Message-ID: <20041029124722.GD2682@torres.ka0.zugschlus.de>
References: <053001c4bc26$a2c364f0$eb00010a@andromeda>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <053001c4bc26$a2c364f0$eb00010a@andromeda>
User-Agent: Mutt/1.3.28i
Delivered-To: 278488-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

On Wed, Oct 27, 2004 at 02:12:39PM +0100, Adam D. Barratt wrote:
> Marc/Andreas: I'm assuming this could be closed as due to user error?

I think so. Closing.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 151 152 442 95
Nordisch by Nature |  How to make an American Quilt | 