RE: [Exim] exim4.20 + exiscan-patch...

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Brian K. West
Dátum:  
Címzett: 'Margrit Lottmann', exim-users
Tárgy: RE: [Exim] exim4.20 + exiscan-patch...
> We are using sophie as scan software. sophie has (still(?))
> problems with some attachments, for example: splitted
> multivolume archives, encrypted files, unsupported file
> types. If sophie is down, the module returns a temporary error.


Multivolume, you have no way to catch this. You can reject them with
exiscan's demime facility.

Encrypted files.... Well if you could open and scan encrypted files, then
whats the point of encryption?
(Bet the FBI would love to have a magic scanner that could read encrypted
files)

Unsupported file types... Can you give some more info on that?

> For all these cases we want accept the received email and
> send it (+warning header) to the given recipient(s). Only
> infected emails we want reject.
>
> But: What can I do this with our 4.20 version ???
>


This is what I use with 4.20 .. I reject infected messages.

acl_check_content:

  deny        message        = This message contains a MIME error
($demime_reason)
            demime        = *
            condition        = ${if

>{$demime_errorlevel}{2}{1}{0}}


  deny        message        = This message contains an unwanted file
extension ($found_extension)
            demime        = scr:vbs:bat:lnk:pif


  warn        message        = X-Infected: $malware_name
            malware        = *


  accept        condition        = ${if or
{{eq{$received_protocol}{esmtp}}{eq{$received_protocol}{smtp}}}{0}{1}}


  warn        message        = X-Spam-Flag: YES
            spam            = nobody:true
            condition        = ${if

>{$spam_score_int}{37}{1}{0}}

  warn        message        = X-Spam-Score: $spam_score ($spam_bar)
            spam            = nobody:true
  warn        message        = X-Spam-Report: $spam_report
            spam            = nobody:true
            condition        = ${if

>{$spam_score_int}{37}{1}{0}}


> May I have to write a condition to check the $malware_name content ???


Shouldn't have to.

> At the older 4.1.. version I had changed 2 source files of
> the exiscan-part....to get the success: temporary errors -> warning
>                     only infected emails -> rejecting


If Sophie is giving you problems.. Switch to something like clamav/clamd
since its usually faster than any comercial scanner on the market.

bkw