Oren Levi said:
> Hi there,
>
> Is there an updated link to these files ?
>
> Also i was wondering sometimes i get .pif .ee etc pass through the
> antivirus.exim when there's an html file attached before.
You threw me for a bit with the antivirus.exim part.. I think you are
refering to the system_filter.
> I looked it up on the mailing list, it was mentioned but i didn't
> understand the solution:
>
> http://www.exim.org/mailman/htdig/exim-users/Week-of-Mon-20020617/040169.html
It is talking about the message_body_visible setting in the configure file.
The default is 500.
If the attachment is further down in the body of the message than 500
lines, then it won't see it.
You would be better off IMHO to use exiscan-acl to catch this type of
thing though.
The slew of .exe files (patch.exe) proporting to be a fix from Microsoft
has been discarded gracefully all day without a single one let in with
this type of rule.
# If the messae contains SCR or PIF we want to Log this
warn log_message = DISCARD: ATTACHMENT ($found_extension)
demime = scr:pif:exe:com
# and then discard it
discard demime = scr:pif:exe:com
http://duncanthrax.net/exiscan-acl/
--
Kevin W. Reed - TNET Services, Inc.
Mailing List Account
URL:
http://www.tnet.com Support Forums:
http://www.tnet.com/forum