[Exim] Announce: exiscan-acl patch (scanning in the DATA ACL…

Author: Tom Kistner
Date:  
To: exiscan, Exim-Users@Exim. Org
Subject: [Exim] Announce: exiscan-acl patch (scanning in the DATA ACL)
Hello everyone,

I have completed a relaunch of the exiscan patch that brings it more in
line with the style in which exim 4 handles message accepts.
The new patch does not use the local_scan() API any more. Instead, it
fits right into the exim4 ACL scheme, allowing much more flexibility.

It adds a number of ACL conditions that can be used in the ACL after
DATA, to do virus scanning, spam scoring, regular expression matching
and file extension filtering.

This is the first release of the new patch, and it is not announced on
my exiscan page yet. I would like to invite the notorious recompilers
and bleeding-edgers to try it out :). You can expect it to be pretty
stable (I'm running it myself :) ).

I would also like to invite those who have contributed the support for
the clamd, openav and mksd virus scanners to look into malware.c and add
their code again. In this first release, I have only included
commandline, sophie and kavdaemon. I don't have the time for the others,
currently.

You can get the new patch here:

http://duncanthrax.net/exiscan-acl/

Make sure you read the spec file!

Finally, here is a configuration snippet that should give you an idea of
what the "new" style is all about:

---------------------------- snip ------------------------------
acl_check_content:

   # First unpack MIME containers and reject serious errors.
   deny  message = This message contains a MIME error ($demime_reason)
         demime = *
         condition = ${if >{$demime_errorlevel}{2}{1}{0}}


   # Reject typically wormish file extensions. There is almost no
   # sense in sending such files by email.
   deny  message = This message contains an unwanted file extension ($found_extension)
         demime = scr:vbs:bat:lnk:pif


   # Reject virus infested messages.
   deny  message = This message contains malware ($malware_name)
         malware = *


   # Reject messages containing "viagra" in all kinds of whitespace/case
   # combinations
   # WARNING: this is an example!
   deny  message = This message matches a blacklisted regular expression ($regex_match_string)
         regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa]


   # Always add X-Spam-Score and X-Spam-Report headers, using SA
   # system-wide settings (user "nobody"), no matter if over threshold or not.
   warn  message = X-Spam-Score: $spam_score ($spam_bar)
         spam = nobody:true
   warn  message = X-Spam-Report: $spam_report
         spam = nobody:true


   # Add X-Spam-Flag if spam is over system-wide threshold
   warn message = X-Spam-Flag: YES
        spam = nobody


   # Reject spam messages with score over 10, using an extra condition.
   deny  message = This message scored $spam_score points. Congratulations!
         spam = nobody:true
         condition = ${if >{$spam_score_int}{100}{1}{0}}


# finally accept all the rest
accept
--------------------------snip-------------------------------------


regards,

/tom