RE: [Exim] Blocking sobig.f

Author: Kevin Reed
Date:  
To: 'Smith, A.D.', exim-users
Subject: RE: [Exim] Blocking sobig.f
Smith, A.D.
> I have tried this, but some are still getting through ...
> I use exim 4.20 on Solaris 9 with the latest exiscan acl
> 4.20.x patch Unfortunately .pif attachments have been getting
> past exiscan acl and the system_filter. Could this be because
> I'm using the Solaris version of Perl? Should I get the
> latest one from CPAN?
>
> Any help or ideas would be great ;),


I have a Solaris 9 version using Exim-4.22 and exiscan-ACL as well.
I have not yet had a single PIF file get through.

My perl is 5.80.

99% of them are being caught as just plain invalid hostnames without reverse
DNS.

Your list of blacklisted extensions is quite a bit larger than mine though...

  deny  message = This message contains an unwanted file extension ($found_extension)
        demime = bat:bas:chm:cmd:com:eml:lnk:exe:hlp:inf:pif:scr:vbs:vbe


But I am also using ClamAV..

  deny  message = VIRUS REJECT: This message was found to contain malware ($malware_name)
        demime = *
        malware = *


The few that got that far were snagged by CLAMAV. I don't recall anything
getting past that, but it is possible the system_filter might be catching
some too.

What I have had get through were a lot of virus warning messages which I just
started tagging in SpamAssassin.

>
> Alex
>
>>Jerry Bell


> Another way I've found to very effectively block most all
> recent viruses is by blocking 'bad' attachments:
>
> deny  message = contains $found_extension file (blacklisted).
>       demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:shb:url:vb:vbe:vbs:wsc:wsf:wsh:ADE:ADP:BAS:BAT:CHM:CMD:COM:CPL:CRT:EXE:HLP:HTA:INF:INS:ISP:JS:JSE:LNK:MDB:MDE:MSC:MSI:MSP:MST:PCD:PIF:REG:SCR:SCT:SHS:SHB:URL:VB:VBE:VBS:WSC:WSF:WSH
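To see concretely what separates the two `demime` lists quoted in this thread, here is an added example (not from the thread, and not Exim or exiscan code) that parses a constructed MIME message with Python's email package and reports which attachment names each list would flag. It assumes extensions are compared case-insensitively after lower-casing; the thread does not say how exiscan itself treats case.

```python
# Added example (not from the thread, not Exim/exiscan code): model the
# `demime = ext:ext:...` check from the ACL snippets above with Python's email
# package and compare the two posted lists. Assumption: matching is done here
# case-insensitively; the thread does not say how exiscan treats case.
from email import message_from_string

SHORT_LIST = "bat:bas:chm:cmd:com:eml:lnk:exe:hlp:inf:pif:scr:vbs:vbe"
LONG_LIST = ("ade:adp:bas:bat:chm:cmd:com:cpl:crt:exe:hlp:hta:inf:ins:isp:js:"
             "jse:lnk:mdb:mde:msc:msi:msp:mst:pcd:pif:reg:scr:sct:shs:shb:url:"
             "vb:vbe:vbs:wsc:wsf:wsh")  # as posted, minus the upper-case repeats

def parse_demime_list(spec):
    """Turn 'bat:bas:...' into a set of lower-case extensions without dots."""
    return {e.strip().lower().lstrip(".") for e in spec.split(":") if e.strip()}

def extensions_only_in(spec_a, spec_b):
    """Extensions named in spec_a that spec_b does not cover."""
    return parse_demime_list(spec_a) - parse_demime_list(spec_b)

def attachment_names(raw):
    """Filenames of every MIME part that carries one (nested parts included)."""
    msg = message_from_string(raw)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def found_extensions(raw, spec):
    """Attachment names whose extension is on the list (cf. $found_extension)."""
    blocked = parse_demime_list(spec)
    hits = []
    for name in attachment_names(raw):
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in blocked:
            hits.append(name)
    return hits

# Constructed sample message: a .pif part that both lists catch, plus an
# upper-case .HTA part named only via the Content-Type 'name' parameter,
# which only the longer list covers.
SAMPLE = (
    "From: sender@example.invalid\nTo: user@example.invalid\n"
    "Subject: Re: Details\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="BOUND"\n\n'
    "--BOUND\nContent-Type: text/plain\n\nSee attached.\n"
    "--BOUND\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="details.pif"\n'
    "Content-Transfer-Encoding: base64\n\nQUJD\n"
    '--BOUND\nContent-Type: application/octet-stream; name="READ_ME.HTA"\n\n'
    "placeholder body\n--BOUND--\n"
)
```

Running `found_extensions(SAMPLE, SHORT_LIST)` flags only `details.pif`, while the longer list also flags `READ_ME.HTA`; `extensions_only_in(SHORT_LIST, LONG_LIST)` shows that `eml` is the one extension the shorter list names that the longer one does not.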