Hi,
I have implemented (like a lot of admins) a form of LoveLetter virus
system filter. I'm not using the generic VBS attachment script as we
need to allow a number of attachments through. However, my system filter
is causing the following entries in the Exim panic log
<<<paniclog>>>
2000-05-04 14:25:36 12nLdG-0007en-00 Error in message_filter file:
unknown filtering command "ILOVEYOU"" near line 20 of filter file
2000-05-04 14:25:47 12nLdT-0007ep-00 Error in message_filter file:
unknown filtering command "ILOVEYOU"" near line 20 of filter file
<<<end PANICLOG>>>
The system filter is (between <<>> and <<>>)
<<<system-filter>>>
# Exim filter
#
############
#
# SYSTEM FILTER file for Exim at Wye College
#
# First created: Thu 4 May 2000
# Reason: To combat ILOVEYOU worm
# Created by: David Hayling
# Version: 2.5
# Date: 2000/05/08
#
##########
#
if ($h_subject: begins "ILOVEYOU" or
$h_subject: contains "vakara" or
$h_subject: is "fwd: Joke" or
$h_subject: is "Dangerous Virus Warning" or
$h_subject: is "Important ! Read carefully !!" or
$h_subject: contains "protect yourself from the" or
$h_subject: contains "flying with arab airlines" or
$h_from: contains "support@???" or
$h_subject: contains "Mothers Day Order Confirmation"
) and not error_message
then
fail text "You appear to have a virus.\n\
(see http://www.datafellows.com/v-descs/love.htm)\n\
If not please email postmaster@???\n\
using SYS FILTER as the subject line. In the body of the message\n\
include your name, email address, who you are trying to contact\n\
and what you are trying to send."
endif
<<<end of system-filter>>>
I have used the exim -bF option to test this file with various test
messages and they all appear to be OK. For example if I feed it a
message with ILOVEYOU in the subject line the result is:
Fail text "You appear to have a virus.
(see
http://www.datafellows.com/v-descs/love.htm)
If not please email postmaster@???
using SYS FILTER as the subject line. In the body of the message
include your name, email address, who you are trying to contact
and what you are trying to send."
Filter processing ended:
Filtering did not set up a significant delivery.
Normal delivery will occur.
And if I feed it an OK msg then the result is:
Filter processing ended:
Filtering did not set up a significant delivery.
Normal delivery will occur.
Can anyone kindly tell me what is causing the entries in my exim
paniclog.
TIA
David
---------------------------------
David Hayling
Network Manager
Wye College, University of London
email: d.hayling@???
---------------------------------
