My first attempt at sending this message was unsucessful, someone
obviously has worked out the issues I am taking about:
> exim-users@???:
> This message has been rejected because it has
> a potentially executable attachment "Navidad.exe"
> This form of attachment has been used by
> recent viruses such as that described in
> http://www.fsecure.com/v-descs/love.htm
> If you meant to send this file then please
> package it up as a zip file and resend it.
Hopefully my original message will get through :-| I've dotted out
the evil word in the message below in an attempt to avoid the virus
filter.
> After reading some of the messages on the list I thought I'd
> implement a system filter.
>
> Quite a few of our users have been getting the navidad virus lately so
> I thought I'd try the following:
>
>
> #Exim Filter
> if
> ( $h_content-type: contains "Navidad.exe" or
> $h_content-disposition: contains "Navidad.exe" )
> and not error_message
> then
> fail "Message rejected due to virus risk."
> endif
>
> I know it's being run because it exim complained when I had the
> keywords wrong in the filter. Whether it's right now I don't know, but
> my test messages from mutt are not being caught. The mutt messages
> are structured as follows:
>
> In the headers:
> ...
> Mime-Version: 1.0
> Content-Type: multipart/mixed; boundary="tKW2IUtsqtDRztdT"
> Content-Disposition: inline
> ...
>
> In the body:
> ...
> Content-Type: application/x-msdos-program
> Content-Disposition: attachment; filename="Navi......."
> ...
>
> My guess is that the attachment is not matched because it appears in
> the body with no mention of it in the headers, is this right? If so,
> is there no way to fail certain attchments using header matching in
> the system filter? How do I match text in the body?
>
>
