> We are using Sophie as scan software. Sophie has (still(?))
> problems with some attachments, for example: split
> multivolume archives, encrypted files, unsupported file
> types. If Sophie is down, the module returns a temporary error.
Multivolume, you have no way to catch this. You can reject them with
exiscan's demime facility.
Encrypted files.... Well if you could open and scan encrypted files, then
what's the point of encryption?
(Bet the FBI would love to have a magic scanner that could read encrypted
files)
Unsupported file types... Can you give some more info on that?
> For all these cases we want to accept the received email and
> send it (+warning header) to the given recipient(s). Only
> infected emails we want to reject.
>
> But: How can I do this with our 4.20 version ???
>
This is what I use with 4.20 .. I reject infected messages.
acl_check_content:

  # Reject messages with serious MIME errors (error level above 2)
  deny  message   = This message contains a MIME error ($demime_reason)
        demime    = *
        condition = ${if >{$demime_errorlevel}{2}{1}{0}}

  # Reject attachments with unwanted file extensions
  deny  message = This message contains an unwanted file extension ($found_extension)
        demime  = scr:vbs:bat:lnk:pif

  # Add a header naming the malware the scanner found
  warn  message = X-Infected: $malware_name
        malware = *

  # Accept here, skipping the spam checks, unless the message came in over smtp/esmtp
  accept condition = ${if or {{eq{$received_protocol}{esmtp}}{eq{$received_protocol}{smtp}}}{0}{1}}

  # $spam_score_int is the spam score times ten, so 37 means 3.7
  warn  message   = X-Spam-Flag: YES
        spam      = nobody:true
        condition = ${if >{$spam_score_int}{37}{1}{0}}

  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam    = nobody:true

  warn  message   = X-Spam-Report: $spam_report
        spam      = nobody:true
        condition = ${if >{$spam_score_int}{37}{1}{0}}
> Do I have to write a condition to check the $malware_name content ???
Shouldn't have to.
> At the older 4.1.. version I had changed 2 source files of
> the exiscan-part....to get the success:
> temporary errors -> warning
> only infected emails -> rejecting
If Sophie is giving you problems.. Switch to something like clamav/clamd
since it's usually faster than any commercial scanner on the market.
bkw
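
The policy asked for in the question (reject only confirmed infections; accept with a warning header when the scanner errors out or is down), written out as an added Python example that is not code from this thread or from exiscan. It assumes clamd-style one-line replies; the function names, the X-Scan-Warning header name and the sample replies in the comments are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional


class Verdict(NamedTuple):
    action: str               # "reject" or "accept"
    header: Optional[str]     # header line to add when accepting, if any
    smtp_text: Optional[str]  # SMTP response when rejecting


# clamd answers "<id>: <signature> FOUND" for a detection.
_FOUND = re.compile(r"^[^:]*: (?P<name>.+) FOUND$")


def sanitize(text: str, limit: int = 80) -> str:
    """Keep printable ASCII only, so scanner output can never inject
    CR/LF (extra header lines) into a header or an SMTP response."""
    return "".join(c if 32 <= ord(c) < 127 else "?" for c in text)[:limit]


def decide(reply: Optional[str]) -> Verdict:
    """Map one scanner reply to a delivery decision.

    reply is the scanner's one-line answer, or None when the scanner
    could not be reached (the "scanner is down" case from the question).
    """
    if reply is None:
        return Verdict("accept",
                       "X-Scan-Warning: scanner unavailable, not scanned",
                       None)
    reply = reply.strip("\0\r\n \t")
    if reply.endswith(": OK"):          # e.g. "stream: OK" (constructed)
        return Verdict("accept", None, None)
    found = _FOUND.match(reply)
    if found:                           # e.g. "stream: <name> FOUND"
        name = sanitize(found.group("name"))
        return Verdict("reject", None,
                       f"550 This message contains malware ({name})")
    # Anything else (ERROR replies for encrypted, multivolume or
    # unsupported files, size limits) is accepted but flagged.
    return Verdict("accept", "X-Scan-Warning: " + sanitize(reply), None)
```

Only an explicit FOUND reply rejects here; every other outcome fails open with a header, which is the trade-off the question asks for, so anything relying on that header should treat it as "not scanned".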