Exim People,
Thanks for the quick work at making a filter for this.
This is my first time to try a filter and I must be making some kind of
mistake.
I know that the configure part is good because, when I first implemented
it, my log file complained:
2000-05-04 10:42:38 12nPe2-0002UN-00 Error in message_filter file: quote missing at end of string in line 7
So, I added a back-slash on line 7 and it quit complaining.
I tried a test. I just sent myself the following message, which I
would think the filter would catch, but it slipped right through.
Certainly a copy of the filter contains all the text it's looking for.
Or what am I missing?
Thanks for your help.
Marilyn Davis, Ph.D.
eVote - online polling software for email lists
http://www.deliberate.com
marilyn@???
+1 650 965-7121 (USA)
---------- Forwarded message ----------
Date: Thu, 4 May 2000 10:45:22 -0700 (PDT)
From: Marilyn Davis <marilyn@???>
To: Marilyn Davis <marilyn@???>
Subject: ILOVEYOU
# Exim filter
# ILOVEYOU Virus Filter
if ((($message_body CONTAINS "name=LOVE-LETTER-FOR-YOU.TXT.vbs" or
$message_body CONTAINS "begin 600 LOVE-LETTER-FOR-YOU.TXT.vbs") and
$message_body CONTAINS "kindly check the attached LOVELETTER coming \
from me.") and
$header_subject IS "ILOVEYOU") and not error_message then
logfile /var/spool/exim/log/filter_log
logwrite "$tod_log $message_id \
$sender_address ($sender_host_name[$sender_host_address]) \
=> $recipients (recipients=$recipients_count) \
subject=$header_subject"
fail text "This message possibly contains the VBS.LoveLetter.A (ILOVEYOU) \
virus, please use the newest antivirus packages to check that \
your system is clean. For further information on this virus, \
please read: \n \
http://www.sarc.com/avcenter/venc/data/vbs.loveletter.a.html\n \
http://www.datafellows.com/v-descs/love.htm\n\n \
Thank You"
seen finish
endif
