Re: [Exim] My Exim virus filter

Top Page
Delete this message
Reply to this message
Author: Ken Bailey
Date:  
To: Matthew Byng-Maddick
CC: exim-users
Subject: Re: [Exim] My Exim virus filter
Matthew Byng-Maddick wrote:
> Wouldn't a fair bit of the virus code be outside the limit for the text of
> the bounce which exim will generate. Also, note that in the case of the
> MIME encoding, the return message will not have the relevant headers for
> auto-decoding to work.


Fair points and with return_size_limit at 100K that will probably
cover most, but kakworm, for example, was a lightweight 4116 Bytes so
I wouldn't like to count on that alone.

> > Maybe it would be better to just return the original headers so that
> > the "sender" can verify if the source was really them. You can then
> > produce your stored message as evidence on request.
>
> Personally I like to have a bit of context, especially if it's rejecting
> based on message body content.


Me too, but I think this can be handled as well, if not better, by
appropriate wording of the reject message.

Ken
--
# Ken Bailey, Computer Section,   #    Email: K.Bailey@??? #
# The Royal Botanic Gardens, Kew, #      Tel: +44 (0)20 8332 5729    #
# Richmond, Surrey, TW9 3AE, UK   #      Fax: +44 (0)20 8332 5736    #