On Tuesday, Sep 30, 2003, at 13:37 Europe/London, Pavel Gulchouck wrote:
> Due to Win32.HLLM.Gibe.2 virus here's too much load,
<snip>
> so I need drop a big part of this mail as victum.
> I decide to deny all message with size more then 50K and messages
> without SIZE specified in MAIL command. In this case I deny all
> viruses
Pavel
i see that HLLM.Gibe.2 (also kown as Swen?) has its own smtp engine
is there any reason why you cant just reject any and all exe
attachments? (and many others)
at smtp time using exim compiled with exiscan-acl patch?
###########################################
# ACL CONFIGURATION
# Specifies access control lists for incoming SMTP mail
###########################################
begin acl
acl_check_rcpt:
.
.
<snip>
.
.
deny message = This message contains a MIME error ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
deny message = This message contains a nasty evil file extension
($found_extension)
demime = vbe:vbs:vbx:wsf:wsh:exe:com:cmd:shs:hta:bat:scr:lnk:pif
