Re: [Exim] Problems with sobig ACL :-(

Top Pagina
Delete this message
Reply to this message
Auteur: Avleen Vig
Datum:  
Aan: Wakko Warner
CC: exim-users
Onderwerp: Re: [Exim] Problems with sobig ACL :-(
Thanks for your help Wakko, always appreciated :-)

I think I might stick with the system_filter I munged with other info
from this list:
-----------------------------------------------------
# Exim filter

if $header_Content-type matches "(multipart/mixed)"
then
    if $message_body matches
".*ame(=|:).*\".*\.(your_document.pif|document_all.pif|thank_you.pif|your_details.pif|details.pif|document_9"
    then
        seen finish
    endif
endif


if $header_subject: contains "Re: Your Application"
    or $header_subject: contains "Re: My Details"
    or $header_subject: contains "Re: Details"
    or $header_subject: contains "Your Details"
    or $header_subject: contains "Re: That movie"
    or $header_subject: contains "Re: Wicked screensaver"
    or $header_subject: contains "Re: Details"
    or $header_subject: contains "Re: Thank you!"
    or $header_subject: contains "Thank you!"
    or $header_subject: contains "Re: Approved"
    then
        seen finish
endif
---------------------------------------------------------


That seems to do the trick also, but I don't know if it's any less
efficient than an ACL.. still, it works. Now if I can just make procmail
10 times faster, I'll be set :-))

On Thu, Aug 21, 2003 at 11:11:03AM -0400, Wakko Warner wrote:
> > Can anyone help?
> > This Exim4 ACL doesn't seem to be working - everything gets rejected.
> > I'm sure I'm doing something obviously wrong, but I haven't written
> > ACL's before..
> >
> > check_sobig:
>
> Exactly how are you calling check_sobig?  My experience with it, this should
> suffice:
>     deny    message = Virus infected message (or spam)
>         condition = ${if match{$h_date:}{--}{yes}{no}}

>
> every instance of sobig I've seen so far puts a - before the timezone
> offset. You might want to check for -[-+] instead of -- ...
> Wait, I just saw one that has a proper date header.
>
> Maybe: condition = ${if def:h_X-MailScanner {yes}{no}}
> That's not tested but should work.
> I see: X-MailScanner: Found to be clean
> in every message this virus sends.
>
> >   deny    message       = Virus infected message
> >   condition             = ${if match {$h_subject:}{Re: My Details} {yes}{no}}
> >   deny    message       = Virus infected message
> >   condition             = ${if match {$h_subject:}{Re: Details} {yes}{no}}
> >   deny    message       = Virus infected message
> >   condition             = ${if match {$h_subject:}{Your Details} {yes}{no}}
> >   deny    message       = Virus infected message
> >   condition             = ${if match {$h_subject:}{Re: That movie} {yes}{no}}
> >   deny    message       = Virus infected message
> >   condition             = ${if match {$h_subject:}{Re: Wicked screensaver} {yes}{no}}
> >   deny    message       = Virus infected message
> >   condition             = ${if match {$h_subject:}{Re: Details} {yes}{no}}
> >   deny    message       = Virus infected message
> >   condition             = ${if match {$h_subject:}{Re: Thank you!} {yes}{no}}
> >   deny    message       = Virus infected message
> >   condition             = ${if match {$h_subject:}{Thank you!} {yes}{no}}
> >   deny    message       = Virus infected message
> >   condition             = ${if match {$h_subject:}{Re: Approved} {yes}{no}}
> >   accept

> >
> >
> > --
> > Avleen Vig
> > Systems Administrator
> > Personal: www.silverwraith.com
> > EFnet:    irc.mindspring.com (Earthlink user access only)

> >
> > --
> >
> > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
> >
> --
> Lab tests show that use of micro$oft causes cancer in lab animals
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>


--
Avleen Vig
Systems Administrator
Personal: www.silverwraith.com
EFnet:    irc.mindspring.com (Earthlink user access only)