>deny message = This message contains an unwanted file extension \
> ($found_extension)
> demime = pif:exe:com:scr:vbs
What I have done was put this in the system-filter.
Doesn't this have the same effect.
/etc/mail/system-filter
if $header_content-type: matches
"(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hl
p|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]
|ws[fhc])\")"
then
fail text "This message has been rejected because it has\n\
potentially executable content $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."
seen finish
Endif
-----Original Message-----
From: Jez Hancock [
mailto:jez.hancock@munk.nu]
Sent: Wednesday, September 03, 2003 4:33 PM
To: 'exim-users@???'
Subject: Re: [Exim] Bombarded by pif attachments
On Wed, Sep 03, 2003 at 03:47:22PM -0500, Segree, Gareth wrote:
> I have been bombarded with pif attachments over the past week. How can
> I do the following
> 1) tell exim not to launch spam assassin for mails > than a certail
> size
Add a condition:
condition = ${if <{$message_size}{80k}{1}{0}}
before the part that launches SA.
> 2) delete mails with pif/exe/com/scr/vbs attachments
Add this to your acl_smtp_data acl to deny messages with those
attachments:
deny message = This message contains an unwanted file extension \
($found_extension)
demime = pif:exe:com:scr:vbs
You might want to add 'bat:lnk' to the end of the list as well - someone
posted a comprehensive list on here a few weeks ago.
--
Jez
http://www.munk.nu/
--
## List details at
http://www.exim.org/mailman/listinfo/exim-users Exim
details at
http://www.exim.org/ ##
