On 01 June 2002, dman said:
> The only identifying feature of this mail is the (rather worthless)
> body :
>
> | *** A virus was detected by the security administrator; this message was
> | discarded ***

Yes, it's somewhat less than helpful.

> Was this really split on 2 lines in the original? If so that makes it
> a bit more complicated ... hmm, not much since exim compresses
> newlines into whitespace, a regex could easily handle that (but it
> would get ugly fast if you allow for variations in the line breaks).

No, I munged it. Oops.

> In the "data" acl :
>
> deny condition = ${if contains {$message_body} {"*** A virus was detected by the security administrator; this message was discarded ***"} {1}{0}}
>      message = "I hate stupid virus alerts. I don't have a virus, don't alert me!"

But that only protects against this one particular stupid virus
detector. This is not the first one I've seen that, when sending a
virus warning to X@???, forges a sender of
postmaster@???. That's just so utterly completely wrong that I
want to ban it completely. My original ACL:

    deny hosts = !127.0.0.1
         senders = postmaster@???:\
                   postmaster@???:\
                   webmaster@???:\
                   webmaster@???
         message = forged sender address

seems to work just fine, although I do plan to elaborate it somewhat.

Greg
--
Greg Ward - software developer gward@???
MEMS Exchange http://www.mems-exchange.org
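
An added example, not part of the message above and not Exim's own code: before enabling a rule like the forged-sender ACL, an Exim main log can be scanned for arrivals it would have refused, which shows both the forged alerts and any legitimate mail that would be caught. The domain example.org, the role-address set and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: example.org stands in for the local domain elided as "???" above.
PROTECTED_SENDERS = {"postmaster@example.org", "webmaster@example.org"}
LOOPBACK = ipaddress.ip_address("127.0.0.1")  # the one host the ACL exempts

# Exim main-log arrival line: "<date> <time> <msg-id> <= <sender> [fields...]"
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+)(?P<rest>.*)$")
# Remote host field: "H=name [ip]", "H=(helo) [ip]" or "H=[ip]"
HOST_IP = re.compile(r"\sH=[^\[]*\[(?P<ip>[0-9A-Fa-f:.]+)\]")

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = """\
2002-06-01 10:02:11 17ExQb-0003Kd-00 <= postmaster@example.org H=gw.example.net [192.0.2.25] P=esmtp S=1843
2002-06-01 10:05:40 17ExTw-0003Lq-00 <= postmaster@example.org H=localhost [127.0.0.1] P=smtp S=912
2002-06-01 10:07:02 17ExVG-0003MB-00 <= alice@example.net H=mx.example.net [198.51.100.7] P=esmtp S=2210
2002-06-01 10:09:55 17ExY3-0003N0-00 <= webmaster@example.org U=www P=local S=640
2002-06-01 10:11:30 17ExZa-0003Nf-00 <= Webmaster@example.org H=(scanner) [203.0.113.9] P=smtp S=1502
"""


def would_reject(line):
    """Return (msg_id, sender, ip) if the deny rule would match, else None."""
    m = ARRIVAL.match(line)
    if not m:
        return None  # not an arrival line
    sender = m.group("sender").lower()  # compared case-insensitively here
    if sender not in PROTECTED_SENDERS:
        return None
    host = HOST_IP.search(m.group("rest"))
    if not host:
        return None  # no H= field: local submission, not an SMTP connection
    ip = ipaddress.ip_address(host.group("ip"))
    if ip == LOOPBACK:
        return None
    return (m.group("id"), sender, str(ip))


def audit(log_text):
    """List every arrival in log_text that the rule would have refused."""
    hits = (would_reject(line) for line in log_text.splitlines())
    return [h for h in hits if h is not None]


if __name__ == "__main__":
    for msg_id, sender, ip in audit(SAMPLE_LOG):
        print(f"{msg_id}: {sender} claimed by remote host {ip}")
```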