Re: [Exim] Is there an updated antivirus.exim or syst…

Top Page
Delete this message
Reply to this message
Author: Kevin W. Reed
Date:  
To: exim-users
Subject: Re: [Exim] Is there an updated antivirus.exim or system_filter.exim
Oren Levi said:
> Hi there,
>
> Is there an updated link to these files ?
>
> Also i was wondering sometimes i get .pif .ee etc pass through the
> antivirus.exim when there's an html file attached before.


You threw me for a bit with the antivirus.exim part.. I think you are
refering to the system_filter.

> I looked it up on the mailing list, it was mentioned but i didn't
> understand the solution:
>
> http://www.exim.org/mailman/htdig/exim-users/Week-of-Mon-20020617/040169.html


It is talking about the message_body_visible setting in the configure file.

The default is 500.

If the attachment is further down in the body of the message than 500
lines, then it won't see it.

You would be better off IMHO to use exiscan-acl to catch this type of
thing though.

The slew of .exe files (patch.exe) proporting to be a fix from Microsoft
has been discarded gracefully all day without a single one let in with
this type of rule.

        # If the messae contains SCR or PIF we want to Log this
        warn    log_message = DISCARD: ATTACHMENT ($found_extension)
                demime = scr:pif:exe:com


        # and then discard it
        discard demime = scr:pif:exe:com


http://duncanthrax.net/exiscan-acl/

--
Kevin W. Reed - TNET Services, Inc.
Mailing List Account
URL: http://www.tnet.com Support Forums: http://www.tnet.com/forum