RE: [Exim] exim4.20 + exiscan-patch...

Author: Brian K. West
Date:  
To: 'Brian K. West', 'Margrit Lottmann', exim-users
Subject: RE: [Exim] exim4.20 + exiscan-patch...
I meant to say I warn infected files.. Not reject them! :P

My bad!

bkw

> -----Original Message-----
> From: exim-users-admin@???
> [mailto:exim-users-admin@exim.org] On Behalf Of Brian K. West
> Sent: Tuesday, June 10, 2003 9:04 AM
> To: 'Margrit Lottmann'; exim-users@???
> Subject: RE: [Exim] exim4.20 + exiscan-patch...
>
>
> > We are using sophie as scan software. sophie has (still(?)) problems
> > with some attachments, for example: split multivolume archives,
> > encrypted files, unsupported file types. If sophie is down, the module
> > returns a temporary error.
>
> Multivolume, you have no way to catch this. You can reject
> them with exiscan's demime facility.
>
> Encrypted files.... Well if you could open and scan encrypted
> files, then what's the point of encryption? (Bet the FBI would
> love to have a magic scanner that could read encrypted
> files)
>
> Unsupported file types... Can you give some more info on that?
>
> > For all these cases we want to accept the received email and send it
> > (+warning header) to the given recipient(s). Only infected emails we
> > want to reject.
> >
> > But: How can I do this with our 4.20 version ???
> >
>
> This is what I use with 4.20 .. I reject infected messages.
>
> acl_check_content:
>
>   deny    message   = This message contains a MIME error ($demime_reason)
>           demime    = *
>           condition = ${if >{$demime_errorlevel}{2}{1}{0}}
>
>   deny    message   = This message contains an unwanted file extension ($found_extension)
>           demime    = scr:vbs:bat:lnk:pif
>
>   warn    message   = X-Infected: $malware_name
>           malware   = *
>
>   accept  condition = ${if or {{eq{$received_protocol}{esmtp}}{eq{$received_protocol}{smtp}}}{0}{1}}
>
>   warn    message   = X-Spam-Flag: YES
>           spam      = nobody:true
>           condition = ${if >{$spam_score_int}{37}{1}{0}}
>   warn    message   = X-Spam-Score: $spam_score ($spam_bar)
>           spam      = nobody:true
>   warn    message   = X-Spam-Report: $spam_report
>           spam      = nobody:true
>           condition = ${if >{$spam_score_int}{37}{1}{0}}
>
> > Do I have to write a condition to check the $malware_name content ???
>
> Shouldn't have to.
>
> > At the older 4.1.. version I had changed 2 source files of the
> > exiscan-part....to get the success: temporary errors -> warning
> >                     only infected emails -> rejecting
>
> If Sophie is giving you problems.. Switch to something like
> clamav/clamd since it's usually faster than any commercial
> scanner on the market.
>
> bkw
>
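
Added example (not part of the original messages, and not the poster's configuration): the thread turns on whether the malware rule warns or rejects, so the fragment below puts the variants side by side in the same ACL syntax as the quoted configuration. The /defer_ok option is an assumption here: it exists in Exim's content-scanning extension, but the page does not say whether the exiscan patch for 4.20 supports it.

```exim
# Added example. Use exactly ONE of the three malware rules below.
acl_check_content:

  # Variant A (what the quoted ACL does): tag and deliver.
  # An infected message is accepted and reaches the recipient carrying an
  # X-Infected header. Nothing is blocked unless a later router, filter or
  # mail client acts on that header.
  warn    message   = X-Infected: $malware_name
          malware   = *

  # Variant B (what the original question asks for): refuse at SMTP time.
  # The sending host receives the rejection and no copy is delivered.
  # If the scanner cannot be reached, the condition defers and the message
  # is turned away with a temporary error, to be retried by the sender.
  deny    message   = This message contains malware ($malware_name)
          malware   = *

  # Variant C: as B, but tolerate scanner outages (assumes /defer_ok is
  # available in the installed exiscan version). While the scanner is down
  # the condition is simply false, so mail is accepted UNSCANNED and no
  # header records that fact.
  deny    message   = This message contains malware ($malware_name)
          malware   = */defer_ok
```

Variant C trades availability for coverage: it does not add the warning header the question asks for on scanner failure, so scanner outages should be monitored separately.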