When using the Exim MTA in conjunction with Sophos Anti-Virus (SAV) for UNIX/Linux for the purpose of mail scanning, all files that are scanned are reported as being infected.
This occurs if you have installed the Sophos Virus Identity (IDE) file called Foundu-a.ide, which was released on 24th October 2006.
Customers using the Sophie daemon to interface with Sophos should not be affected by this issue.
Applies to the following Sophos products and versions: Sophos Anti-Virus for Windows 2000+
You must modify the Exim user script that calls the command-line version of Sophos Anti-Virus for UNIX and then scans the output for the string "found".
The script is designed to report a virus when a file is scanned by matching the string "found" in the scanner output, in a line such as:
Virus 'W32/Magistr-B' found in file ./example.sh
When the sweep command-line scanner scans a file, it first loads the virus data and IDE files, which are then listed on screen. Because that listing includes the file name Foundu-a.ide, the Exim script that looks for the string "found" always matches, so every file that is scanned is declared infected.
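The false positive and one way to avoid it, as an added example that is not Sophos's or Exim's own script: match the whole report line instead of the bare word. The IDE listing line, the case-insensitive naive check and the function names are assumptions; only the report line format is taken from this article.

```shell
#!/bin/sh
# Constructed sample output, not captured from a real sweep run.
# The "IDE file loaded" line format is an assumption for illustration.
clean_output="Loading virus data
IDE file loaded: Foundu-a.ide
1 file swept.
No viruses were discovered."

infected_output="Loading virus data
IDE file loaded: Foundu-a.ide
Virus 'W32/Magistr-B' found in file ./example.sh
1 file swept."

# Naive check (assumed to be a case-insensitive substring match):
# succeeds on any output that mentions "found", including an IDE file name.
naive_is_infected() {
    printf '%s\n' "$1" | grep -qi 'found'
}

# Strict check: succeeds only on a complete report line of the form
#   Virus '<name>' found in file <path>
strict_is_infected() {
    printf '%s\n' "$1" | grep -Eq "^Virus '[^']+' found in file "
}

# Print the virus name from the first report line, or nothing if clean.
virus_name() {
    printf '%s\n' "$1" |
        sed -n "s/^Virus '\([^']*\)' found in file .*/\1/p" | head -n 1
}

# Show how each check classifies the two samples.
for sample in clean infected; do
    eval "out=\$${sample}_output"
    if naive_is_infected "$out"; then n=infected; else n=clean; fi
    if strict_is_infected "$out"; then s=infected; else s=clean; fi
    echo "$sample sample: naive=$n strict=$s name=$(virus_name "$out")"
done
```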