more details for sock scan

Hi,

We have used AVAST Linux on our Linux mail server for years. For a few weeks now we have found reports in the Exim log file (mainlog) like this:

2024-02-13 10:58:19 1rZpXQ-0008lI-Sx malware acl condition: avast /var/run/avast/scan.sock : SCAN /var/spool/exim4/scan/1rZpYQ-0006lI-Sy/1rZpXQ-0008lI-Sx.eml … temporarily rejected after DATA

Is it possible to get more details for this condition, at least the malware name? Or move it to a quarantine folder?

System: Debian 10, Exim 4.94.2 and AVAST 4.4.0-1~debian10

Thanks.
Thomas

Hi, this seems to be an Exim log message. I cannot help you with that without having a detailed description of how this integration with Exim works.

Avast’s scan socket is documented in the avast-protocol(5) manual page (see also https://repo.avcdn.net/linux-av/doc/avast-techdoc.pdf). The SCAN command has a response with the virus name etc. This needs to be processed to get the information.
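
Added example, not part of the original posts and not Avast's or Exim's code: a Python helper that sends SCAN to the socket named in the log line and extracts the malware name from the response. The result-line layout, the greeting line and the 210/200 status lines are assumptions to verify against avast-protocol(5); the sample response is constructed.

```python
import re
import socket

# Assumed result-line layout (verify against avast-protocol(5)):
#   SCAN <path> TAB [+]                      clean
#   SCAN <path> TAB [L]<n.n> TAB <n> <name>  infected
#   SCAN <path> TAB [E]<n.n> TAB <message>   scan error
# Whitespace and backslashes inside <path> are backslash-escaped.
RESULT_RE = re.compile(
    r"^SCAN (?P<path>(?:\\.|[^\\\t])*)\t\[(?P<flag>[+LE])\](?:\d+\.\d+)?(?:\t(?P<detail>.*))?$")
STATUS = {"+": "clean", "L": "infected", "E": "error"}

def parse_scan_line(line):
    """Parse one result line; return None for status lines such as '210 SCAN DATA'."""
    m = RESULT_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    detail = m.group("detail") or ""
    if m.group("flag") == "L" and " " in detail:
        detail = detail.split(" ", 1)[1]  # drop the number before the malware name
    path = re.sub(r"\\(.)", r"\1", m.group("path"), flags=re.S)
    return {"path": path, "status": STATUS[m.group("flag")], "detail": detail}

def scan_file(path, sock_path="/var/run/avast/scan.sock", timeout=30):
    """Ask the daemon to SCAN one file and return the parsed result lines."""
    escaped = re.sub(r"([\\\s])", r"\\\1", path)
    results = []
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        f = s.makefile("rw", encoding="utf-8", errors="replace", newline="\n")
        f.readline()                      # assumed greeting line
        f.write("SCAN " + escaped + "\n")
        f.flush()
        for line in f:
            parsed = parse_scan_line(line)
            if parsed:
                results.append(parsed)
            elif re.match(r"\d{3} ", line) and not line.startswith("210 "):
                break                     # assumed final status, e.g. "200 SCAN OK"
    return results

# Constructed sample response, not captured from a real daemon.
SAMPLE = [
    "210 SCAN DATA\n",
    "SCAN /tmp/mail\\ copy.eml\t[L]0.0\t0 EICAR Test-NOT virus!!!\n",
    "SCAN /tmp/ok.eml\t[+]\n",
    "200 SCAN OK\n",
]
```

`scan_file()` needs read access to both the socket and the file being scanned, so run it as a user the Avast daemon setup permits.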