Re: [Exim] system_filter let dopplerwide[1].exe through

Startseite
Nachricht löschen
Nachricht beantworten
Autor: John W Baxter
Datum:  
To: exim-users
Betreff: Re: [Exim] system_filter let dopplerwide[1].exe through
At 22:11 -0800 1/1/2003, chris wrote:
>Today i recieved a spam with an exe attachment named dopplerwide[1].exe. It
>came with a jpg as well. I saw one email from the same place get refused
>earlier because of an unsafe attachment


If the .jpg was physically before the problem attachment and was "too big"
then the filter never saw the probem attachment.

How big is "too big"?

Big enough to get beyond the value in your

message_body_visible = n

setting. ( exim -bP message_body_visible will show it to you, for a
sufficiently powerful you )

As n grows so does system resource usage. At some point, you lose that
battle. A real virus scanner is the better way to go (now if would just
quit crashing).

--John

--
John Baxter   jwblist@???      Port Ludlow, WA, USA