Re: [Exim] system_filter let dopplerwide[1].exe through

Page principale
Supprimer ce message
Répondre à ce message
Auteur: John W Baxter
Date:  
À: exim-users
Sujet: Re: [Exim] system_filter let dopplerwide[1].exe through
At 22:11 -0800 1/1/2003, chris wrote:
>Today i recieved a spam with an exe attachment named dopplerwide[1].exe. It
>came with a jpg as well. I saw one email from the same place get refused
>earlier because of an unsafe attachment


If the .jpg was physically before the problem attachment and was "too big"
then the filter never saw the probem attachment.

How big is "too big"?

Big enough to get beyond the value in your

message_body_visible = n

setting. ( exim -bP message_body_visible will show it to you, for a
sufficiently powerful you )

As n grows so does system resource usage. At some point, you lose that
battle. A real virus scanner is the better way to go (now if would just
quit crashing).

--John

--
John Baxter   jwblist@???      Port Ludlow, WA, USA