[Exim] system_filter let dopplerwide[1].exe through

Top Page
Delete this message
Reply to this message
Author: chris
Date:  
To: exim-users
Subject: [Exim] system_filter let dopplerwide[1].exe through
Today i recieved a spam with an exe attachment named dopplerwide[1].exe. It
came with a jpg as well. I saw one email from the same place get refused
earlier because of an unsafe attachment
##
2003-01-01 16:28:54 18TtEA-000O5u-00 <= bmaty@???
H=(mta3.adelphia.net) [64.8.50.181] P=esmtp S=148679
id=20030102005241.USLR1364.mta3.adelphia.net@Jydwpap
2003-01-01 16:28:54 18TtEA-000O5u-00 cancelled by system filter: This
message has been rejected because it has\n        a potentially executable
at
tachment Toibh.pif\n    This form of attachment has been used by\n
recent viruses such as that described in\n      http://www.fsecure.com/v-de
scs/love.htm\n  If you meant to send this file then please\n    package it
up as a zip file and resend it.
 ##
the second one made it through
##
2003-01-01 19:34:57 18Tw8D-000OGq-00 <= bmaty@???
H=(mta8.adelphia.net) [64.8.50.196] P=esmtp S=168918
id=20030102035853.RDMK4741.mta8.ade
lphia.net@Yeutuvoa
2003-01-01 19:34:57 18Tw8D-000OGq-00 => chris <chris@???> R=localuser
T=local_delivery S=168953
##


the mailing list is down right now and I could not find anything in the
yahoo group or google so sorry if this is old stuff. It might be in the
change log but I didnt really see anything. I also upgraded from 0.10 to
0.17 exim_filter.exim. I tried sending the attachment through before and
after the filter upgrade and it was refused every time. Im running 4.10.



--CH