Author Topic: more details for sock scan  (Read 1692 times)


Offline linux4n6

  • Newbie
  • Posts: 1
more details for sock scan
« on: February 13, 2024, 03:08:49 PM »
Hi,

We have used AVAST Linux on our Linux mail server for years. For a few weeks now we have been finding reports in the Exim log file (mainlog) like this:

> 2024-02-13 10:58:19 1rZpXQ-0008lI-Sx malware acl condition: avast /var/run/avast/scan.sock : SCAN /var/spool/exim4/scan/1rZpYQ-0006lI-Sy/1rZpXQ-0008lI-Sx.eml ... temporarily rejected after DATA

Is it possible to get more details for this condition, at least the malware name? Or to move it to a quarantine folder?

System: Debian 10, Exim 4.94.2 and AVAST 4.4.0-1~debian10

Thanks.
Thomas

Offline Radek Brich

  • Developer (Linux AV, Mac AV)
  • Avast team
  • Jr. Member
  • Posts: 56
Re: more details for sock scan
« Reply #1 on: April 25, 2024, 10:18:02 AM »
Hi, this seems to be an Exim log message. I cannot help you with that without having a detailed description of how this integration with Exim works.

Avast's scan socket is documented in the avast-protocol(5) manual page (see also https://repo.avcdn.net/linux-av/doc/avast-techdoc.pdf). The SCAN command has a response with the virus name etc. This needs to be processed to get the information.
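
An added example, not part of the thread and not Avast's or Exim's code: one way to process a SCAN reply from the socket named in the log line and pull out the per-file verdict and malware name. The reply layout (status-code lines, a `[+]`/`[L]`/`[E]` marker after the first unescaped TAB, backslash-escaped whitespace) and the greeting line are assumptions to check against avast-protocol(5); the function names and the sample reply are constructed for illustration.

```python
import re
import socket

# Assumed layout (check avast-protocol(5)): "SCAN <path>\t[<marker>]<fields>",
# marker + = clean, L = infected, E = error; whitespace/backslashes are escaped.
RESULT_RE = re.compile(r"^SCAN (?P<path>(?:\\.|[^\\\t])*)\t\[(?P<mark>[+LE])\](?P<rest>.*)$")
VERDICTS = {"+": "clean", "L": "infected", "E": "error"}

def unescape(value):
    return re.sub(r"\\(.)", r"\1", value)

def parse_scan_reply(lines):
    """Return (path, verdict, detail) for every result line in a SCAN reply."""
    results = []
    for raw in lines:
        m = RESULT_RE.match(raw.rstrip("\r\n"))
        if not m:
            continue  # status lines such as "210 ..." / "200 ..." carry no verdict
        detail = m["rest"].split("\t")[-1]
        if m["mark"] == "L":
            detail = detail.partition(" ")[2]  # drop the numeric prefix before the name
        results.append((unescape(m["path"]), VERDICTS[m["mark"]], unescape(detail)))
    return results

def scan_file(path, sock_path="/var/run/avast/scan.sock"):
    """Send one SCAN command to the Avast socket and parse the reply."""
    escaped = re.sub(r"([\\\s])", r"\\\1", path)
    lines = []
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        stream = s.makefile("rwb")
        stream.readline()  # greeting line sent by the daemon on connect (assumed)
        stream.write(b"SCAN " + escaped.encode() + b"\r\n")
        stream.flush()
        for raw in stream:
            line = raw.decode("utf-8", "replace")
            lines.append(line)
            if re.match(r"(?!210)\d{3}(\s|$)", line):
                break  # any status code other than "data follows" ends the reply
    return parse_scan_reply(lines)

# Constructed sample reply (not captured from a real scanner).
SAMPLE_REPLY = [
    "SCAN /var/spool/exim4/scan/SAMPLE-ID/SAMPLE-ID.eml\t[L]0.0\t0 EICAR\\ Test-NOT\\ virus!!!\r\n",
    "SCAN /tmp/clean\\ file.txt\t[+]\r\n",
    "SCAN /tmp/sample.zip\t[E]0.0\tError 42110 constructed\\ error\\ text\r\n",
    "200 SCAN OK\r\n",
]
if __name__ == "__main__":
    print(parse_scan_reply(SAMPLE_REPLY))
```

The account running `scan_file` needs access to the socket, and the scan daemon must be able to read the file being scanned.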