Bug#959004: exim4-daemon-heavy: exiscan is missing EICAR signature in message body but finds it in attachment

brunoc68 bugs01 at abcreseau.com
Wed Apr 29 07:35:46 BST 2020

Le 28/04/2020 à 19:46, Andreas Metzler a écrit :
> On 2020-04-28 brunoc68 <bugs01 at abcreseau.com> wrote:
>> Package: exim4-daemon-heavy
>> Version: 4.92-8+deb10u3
>> Severity: normal
>> Dear Maintainer,
>>    * What led up to the situation?
>> Installation of exim4-daemon-heavy with av_scanner = clamd
>>    * What exactly did you do (or not do) that was effective (or
>>      ineffective)?
>> 1. include EICAR virus signature in .txt or .zip attachment
>> 2. include EICAR virus signature in message body
>>    * What was the outcome of this action?
>> 1. mail refused at ACL time
>> 2. mail accepted : message found as clean in clamd log
>>    * What outcome did you expect instead?
>> 1. outcome ok
>> 2. mail refused at ACL time
> Hello,
> You will also need to run the av scanner in the DATA acl.
> cu Andreas
Dear Andreas, that was done :

 vi acl/40_exim4-config_check_data :
    message = This message was detected as possible malware ($malware_name).
    malware = *

Actually the virus filtering works, but only with the attachments. The
issue is the body of the email that goes through with the eicar
signature ; so I expect any html virus in the body can go through...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-exim4-maintainers/attachments/20200429/2f8c6a0a/attachment.html>

More information about the Pkg-exim4-maintainers mailing list