Re: [Exim] W32/Sircam worm

Top Page
Delete this message
Reply to this message
Author: Chris Bayliss
Date:  
To: Felipe
CC: woods, exim-users
Subject: Re: [Exim] W32/Sircam worm
We are experiencing problems and use a slightly modified system filter
from the standard one which archives copies of rejected email so that we
can look for false negatives following customer queries.

Firstly we didn't scan for .lnk. This has been corrected.

Secondly, the archive got big. Once it exceeded a certain size exim
behaved in an unpreditable way (possible bug?). The filter detected
the message, sent the errror message and issued the following error.

23:58:58 15PB8h-0006Rm-00 == /usr/local/home/exim/Mail/suspect <message filter> T=archive defer (27): File too large: error while writing to /usr/local/home/exim/Mail/suspect

The message was then delivered to the recipient.

I started a new arcive file and all went quiet for a while. My helpdesk
have now forwarded an example which is not picked up by the filters.
This contains a % in the filename. I'm not a perl expert. Is this likely
to be the reason why the filter does not pick the file up?

Chris Bayliss
TSG IS ICSD The University of Birminghsm