Re: [Exim] My Exim virus filter

Top Page
Delete this message
Reply to this message
Author: Ken Bailey
Date:  
To: Greg Ward
CC: exim-users
Subject: Re: [Exim] My Exim virus filter
Greg Ward wrote:
> Hi all --
>
> I've finally put up a web page where people can find my Exim virus
> filter; I refer to it occasionally on this list, and usually get a
> handful of messages from folks who'd like a copy. So I figured I'd give
> it a home on the web, some instructions, etc. The URL is:
>
> http://starship.python.net/~gward/exim/
>
> This filter is derived from Nigel's Generic Windows Executable Content
> filter; see the web page for details.


Thanks for sharing this.

I query the wisdom of using "return message".

In the event that a trojan forges the sender address (eg using valid
address book entries), surely you risk sending a live virus 'back' to
an innocent member of the infected sender's address book?

Maybe it would be better to just return the original headers so that
the "sender" can verify if the source was really them. You can then
produce your stored message as evidence on request.


Ken
--
# Ken Bailey, Computer Section,   #    Email: K.Bailey@??? #
# The Royal Botanic Gardens, Kew, #      Tel: +44 (0)20 8332 5729    #
# Richmond, Surrey, TW9 3AE, UK   #      Fax: +44 (0)20 8332 5736    #