Hello everyone,
I have completed a relaunch of the exiscan patch that brings it more in
line with the style in which exim 4 handles message accepts.
The new patch does not use the local_scan() API any more. Instead, it
fits right into the exim4 ACL scheme, allowing much more flexibility.
It adds a number of ACL conditions that can be used in the ACL after
DATA, to do virus scanning, spam scoring, regular expression matching
and file extension filtering.
This is the first release of the new patch, and it is not announced on
my exiscan page yet. I would like to invite the notorious recompilers
and bleeding-edgers to try it out :). You can expect it to be pretty
stable (I'm running it myself :) ).
I would also like to invite those who have contributed the support for
the clamd, openav and mksd virus scanners to look into malware.c and add
their code again. In this first release, I have only included
commandline, sophie and kavdaemon. I don't have the time for the others,
currently.
You can get the new patch here:
http://duncanthrax.net/exiscan-acl/
Make sure you read the spec file !
Finally, here is a configuration snippet that should give you an idea of
what the "new" style is all about:
---------------------------- snip ------------------------------
acl_check_content:
# First unpack MIME containers and reject serious errors.
deny message = This message contains a MIME error ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
# Reject typically wormish file extensions. There is almost no
# sense in sending such files by email.
deny message = This message contains an unwanted file extension
($found_extension)
demime = src:vbs:bat:lnk:pif
# Reject virus infested messages.
deny message = This message contains malware ($malware_name)
malware = *
# Reject messages containing "viagra" in all kinds of whitespace/case
combinations
# WARNING: this is an example !
deny message = This message matches a blacklisted regular expression
($regex_match_string)
regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa]
# Always add X-Spam-Score and X-Spam-Report headers, using SA
system-wide settings
# (user "nobody"), no matter if over threshold or not.
warn message = X-Spam-Score: $spam_score ($spam_bar)
spam = nobody:true
warn message = X-Spam-Report: $spam_report
spam = nobody:true
# Add X-Spam-Flag if spam is over system-wide threshold
warn message = X-Spam-Flag: YES
spam = nobody
# Reject spam messages with score over 10, using an extra condition.
deny message = This message scored $spam_score points. Congratulations!
spam = nobody:true
condition = ${if >{$spam_score_int}{100}{1}{0}}
# finally accept all the rest
accept
--------------------------snip-------------------------------------
regards,
/tom
