Bug#959004: exim4-daemon-heavy: exiscan is missing EICAR signature in message body but finds it in attachment
brunoc68
bugs01 at abcreseau.com
Wed Apr 29 07:35:46 BST 2020
Le 28/04/2020 à 19:46, Andreas Metzler a écrit :
> On 2020-04-28 brunoc68 <bugs01 at abcreseau.com> wrote:
>> Package: exim4-daemon-heavy
>> Version: 4.92-8+deb10u3
>> Severity: normal
>> Dear Maintainer,
>> * What led up to the situation?
>> Installation of exim4-daemon-heavy with av_scanner = clamd
>> * What exactly did you do (or not do) that was effective (or
>> ineffective)?
>> 1. include EICAR virus signature in .txt or .zip attachment
>> 2. include EICAR virus signature in message body
>> * What was the outcome of this action?
>> 1. mail refused at ACL time
>> 2. mail accepted : message found as clean in clamd log
>> * What outcome did you expect instead?
>> 1. outcome ok
>> 2. mail refused at ACL time
> Hello,
>
> You will also need to run the av scanner in the DATA acl.
>
> cu Andreas
Dear Andreas, that was done :
vi acl/40_exim4-config_check_data :
...
deny
message = This message was detected as possible malware ($malware_name).
malware = *
...
Actually the virus filtering works, but only with the attachments. The
issue is the body of the email that goes through with the eicar
signature ; so I expect any html virus in the body can go through...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-exim4-maintainers/attachments/20200429/2f8c6a0a/attachment.html>
More information about the Pkg-exim4-maintainers
mailing list