[Exim] Re: system filter stuff

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Alex King
Dátum:  
Címzett: exim-users
Tárgy: [Exim] Re: system filter stuff
My first attempt at sending this message was unsucessful, someone
obviously has worked out the issues I am taking about:

>   exim-users@???:
>     This message has been rejected because it has
>     a potentially executable attachment "Navidad.exe"
>     This form of attachment has been used by
>     recent viruses such as that described in
>     http://www.fsecure.com/v-descs/love.htm
>     If you meant to send this file then please
>     package it up as a zip file and resend it.


Hopefully my original message will get through :-| I've dotted out
the evil word in the message below in an attempt to avoid the virus
filter.

> After reading some of the messages on the list I thought I'd
> implement a system filter.
>
> Quite a few of our users have been getting the navidad virus lately so
> I thought I'd try the following:
>
>
> #Exim Filter
> if
>         ( $h_content-type: contains "Navidad.exe" or
>                 $h_content-disposition: contains "Navidad.exe" )
>                 and not error_message
> then
>         fail "Message rejected due to virus risk."
> endif

>
> I know it's being run because it exim complained when I had the
> keywords wrong in the filter. Whether it's right now I don't know, but
> my test messages from mutt are not being caught. The mutt messages
> are structured as follows:
>
> In the headers:
> ...
> Mime-Version: 1.0
> Content-Type: multipart/mixed; boundary="tKW2IUtsqtDRztdT"
> Content-Disposition: inline
> ...
>
> In the body:
> ...
> Content-Type: application/x-msdos-program
> Content-Disposition: attachment; filename="Navi......."
> ...
>
> My guess is that the attachment is not matched because it appears in
> the body with no mention of it in the headers, is this right? If so,
> is there no way to fail certain attchments using header matching in
> the system filter? How do I match text in the body?
>
>