Re: [Exim] System_filter not working right

If you add:
return_size_limit = 4K

Wouldnt it prevent accidental spread ?

Oren.


> The reason why it should not be used is that it generates a bounce
> message to the *forged* *sender* in the infected message and includes
> the virus in the bounce. In other words, system_filter is almost as
> efficent at spreading the virus as the virus itself. Not to mention the
> fact that you're spamming innocent third parties with bounces to
> messages they never sent.
>
> As a data point: back when SoBig.F first broke out, Exim+Exiscan did a
> WONDERFUL job of stopping the virus itself. But what was a bigger pain
> than dealing with the virus was the HUNDREDES of bounces that were
> delivered into user's INBOXes, many of them containing a copy of the
> virus. The system_filter script was one of the biggest sources of these
> bounces.
>
> If you're interested in stopping Windows executables from being
> transmitted though your mail servers, I *strongly* recommend that you
> patch your Exim installs with Exiscan
> (http://duncanthrax.net/exiscan-acl) and use the content filtering
> capabilities Exim gains to reject the executables while the sending host