I am at a medium-sized company looking to filter viri out of email on our
exim server. The typical scenario is the company cannot justify paying for
virus software for this email server. The person who set this email server
up is no longer with us. Here is the filter that I used to block viri. Any
suggestions on how to get this to run on version 3.02 or higher would be
greatly appreciated. It is blocking any text contained in the email message
and attachments, as well. Thank you for any help with this.

Deanna

# Exim filter

if not first_delivery
then
  finish
endif

# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
# (each pattern must stay on one line; "\\\\." is how a literal dot is written here)
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif)\")"
then
  deliver possibleviri@??? errors_to root@???
  finish
endif

# same again using unquoted filename [content_type_unquoted_fn_match]
# (no "?" after the closing parenthesis, otherwise any "name=" parameter matches)
if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))"
then
  deliver possibleviri@??? errors_to root@???
  finish
endif

# Multipart or octet-stream messages: look for a suspicious attachment name in the body
if $header_content-type: matches "(multipart/mixed|application/octet-stream)"
then
  if $header_content-disposition: matches "(attachment|inline)"
  then
    if $message_body matches ".*ame(=|:).*\".*\\\\.(vbs|wsf|exe)\""
    then
      deliver spam@??? errors_to root@???
      finish
    endif
  endif
endif
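
Added example, not part of the original post: a Python harness that runs the two filename patterns from the filter, plus a variant whose capture group is optional, over constructed Content-Type values to show which ones divert a message. It assumes Python's re module behaves like Exim's regex engine for these patterns and that the lowercase matches condition is caseless; the sample headers and the check() helper are hypothetical.

```python
import re

# Extension list copied from the filter in the post.
EXTS = r"(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif)"

# Patterns as the regex engine receives them once Exim has reduced "\\\\." to "\.".
# re.I mirrors the caseless behaviour of the lowercase `matches` condition.
PATTERNS = {
    "quoted": re.compile(r'(?:file)?name=("[^"]+\.' + EXTS + r'")', re.I),
    "unquoted": re.compile(r"(?:file)?name=(\S+\." + EXTS + r")", re.I),
    # Same as "unquoted" but with the group optional: a bare "name=" is enough.
    "optional_group": re.compile(r"(?:file)?name=(\S+\." + EXTS + r")?", re.I),
}


def check(header_value):
    """Return {pattern name: captured text} for every pattern that matches."""
    hits = {}
    for name, rx in PATTERNS.items():
        m = rx.search(header_value)
        if m:
            # group(1) is None when the optional group consumed nothing
            hits[name] = m.group(1)
    return hits


# Constructed sample Content-Type values (not taken from real mail).
SAMPLES = [
    'application/octet-stream; name="invoice.pif"',
    "application/octet-stream; name=update.exe",
    'application/pdf; name="report.pdf"',
    # Benign name: the unanchored unquoted pattern stops at ".com" inside ".comments"
    'text/plain; name="holiday.comments.txt"',
    "text/plain; charset=us-ascii",
]

if __name__ == "__main__":
    for value in SAMPLES:
        hits = check(value)
        verdict = "DIVERT" if hits else "pass  "
        print(f"{verdict} {value!r:55} {hits}")
```

The last two matching samples are false positives: the optional-group variant diverts any header that carries a name= parameter, and the unquoted pattern also fires on quoted names that merely contain a listed extension as a prefix of a longer one.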