[Mimedefang] Symantec AV Scan Engine
Jerry Vonau
jvonau at winnipegmotorexpress.com
Tue Nov 4 18:30:05 EST 2003
Hi All:
I have mimedefang setup with Symantec Scan Engine and this works great for
me. I was running into a situation where the scan engine would fail to scan
the file, "mimedefang.pl[6574]: Unexpected response to AVSCAN or
AVSCANLOCAL command: 538 Malformed container file found. - File not
scanned." was logged in messages and the mail was tempfailed, logged in
maillog "problem running virus-scanner", and bounced. While I don't want to
forward any file that can't be scanned,
the scanner was not the problem, the mail's container is.
I hacked mimedefang.pl like so:
91c91
< $Features{'Virus:SymantecCSS'} = 0; # Ditto
---
> $Features{'Virus:SymantecCSS'} = 1; # Ditto
2378c2378,2383
< unless ($line =~ /^230/) {
---
> if ($line =~ /^538/) {
> md_syslog('warning', "Bad MIME command: $line");
> $sock->close;
> return(999, 'badmime', 'tempfail');
> }
> unless ($line =~ /^230/) {
and add this to the filter file in filter_begin just before the tempfail
part:
if ($category eq "badmime") {
action_bounce("SYMCScan 538 Malformed Container");
action_quarantine_entire_message("Malformed MIME");
md_syslog('warning', "SYMCScan 538 Malformed MIME: /
code=$code, category=$category, action=$action");
}
return;
Now the maillog get this:
Nov 4 17:08:07 scanmail sendmail[26963]: hA4N87wP026963: Milter: data, /
reject=554 5.7.1 SYMCScan 538 Malformed Container
Which is more accurate than just "problem running virus-scanner"
My question is there any problem in the way that I handled the change??
Any feed back is welcome, as I not that strong with perl, but I learn
fast....
Thanks in advance
Jerry Vonau
More information about the MIMEDefang
mailing list