diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 18 | ||||
| -rw-r--r-- | doc/doc-txt/ChangeLog | 3 | ||||
| -rw-r--r-- | doc/doc-txt/NewStuff | 5 |
3 files changed, 26 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 345effd0e..cab1c82dd 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -29810,6 +29810,24 @@ av_scanner = mksd:2 .endd You can safely omit this option (the default value is 1). +.vitem &%sock%& +.cindex "virus scanners" "simple socket-connected" +This is a general-purpose way of talking to simple scanner daemons +running on the local machine. +There are four options: +an address (which may be an IP addres and port, or the path of a Unix socket), +a commandline to send (may include a single %s which will be replaced with +the path to the mail file to be scanned), +an RE to trigger on from the returned data, +an RE to extract malware_name from the returned data. +For example: +.code +av_scanner = sock:127.0.0.1 6001:%s:(SPAM|VIRUS):(.*)\$ +.endd +Default for the socket specifier is &_/tmp/malware.sock_&. +Default for the commandline is &_%s\n_&. +Both regular-expressions are required. + .vitem &%sophie%& .cindex "virus scanners" "Sophos and Sophie" Sophie is a daemon that uses Sophos' &%libsavi%& library to scan for viruses. diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 493861fec..04a7ce02e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -54,6 +54,9 @@ JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log JH/06 Log outbound-TLS and port details, subject to log selectors, for a failed delivery. +JH/07 Add malware type "sock" for talking to simple daemon. + + Exim version 4.82 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 04ac831dc..c4de902c0 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -22,6 +22,11 @@ Version 4.83 3. New expansion operator ${utf8clean:string} to replace malformed UTF8 codepoints with valid ones. + 4. New malware type "sock". Talks over a Unix or TCP socket, sending one + command line and matching a regex against the return data for trigger + and a second regex to extract malware_name. The mail spoofile name can + be included in the command line. + Version 4.82 ------------ |