[Exim] System Filter help

Author: Deanna Neider
Date:
To: exim-users
Subject: [Exim] System Filter help
I am at a medium-sized company looking to filter viri out of email on our
exim server. The typical scenario is the company cannot justify paying for
virus software for this email server. The person who set this email server
up is no longer with us. Here is the filter that I used to block viri. Any
suggestions on how to get this to run on version 3.02 or higher would be
greatly appreciated. It is blocking any text contained in the email message
and attachments, as well. Thank you for any help with this. Deanna

# Exim filter
if not first_delivery
then
finish
endif

# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif)\")"
then
    deliver possibleviri@??? errors_to root@???
    finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
# The trailing ? makes the filename group optional, so this test matches any
# Content-Type value that contains name=
if $header_Content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))?"
then
    deliver possibleviri@??? errors_to root@???
    finish
endif
# Multipart or octet-stream messages: look in the body for an attachment name
if $header_Content-type: matches "(multipart/mixed|application/octet-stream)"
then
    if $header_Content-Disposition: matches "(attachment|inline)"
    then
        if $message_body matches ".*ame(=|:).*\".*\.(vbs|wsf|exe)\""
        then
            deliver spam@??? errors_to root@???
            finish
        endif
    endif
endif



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.525 / Virus Database: 322 - Release Date: 10/9/2003
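
An added example, not part of the original post: a Python check of the filter's two Content-Type patterns, written as the regex engine sees them after Exim strips its backslash quoting, run against constructed header values. The sample headers and the "unquoted_anchored" pattern are assumptions made here for illustration.

```python
import re

# Extension list copied from the posted filter.
EXT = r"(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif)"

# The regexes as the regex engine sees them once Exim has removed its two
# levels of backslash quoting (\\\\. in the filter file becomes \.).
# re.I mirrors the case-independent lower-case "matches" operator.
PATTERNS = {
    "quoted": re.compile(r'(?:file)?name=("[^"]+\.' + EXT + r'")', re.I),
    "unquoted": re.compile(r'(?:file)?name=(\S+\.' + EXT + r')', re.I),
    # As posted: the trailing ? makes the whole filename group optional.
    "unquoted_as_posted": re.compile(r'(?:file)?name=(\S+\.' + EXT + r')?', re.I),
    # Hypothetical tightening (not from the post): extension must end the value.
    "unquoted_anchored": re.compile(
        r'(?:file)?name=([^\s";]+\.' + EXT + r')(?=[\s;]|$)', re.I),
}

# Constructed sample Content-Type header values.
SAMPLES = {
    "quoted_exe": 'application/octet-stream; name="invoice.exe"',
    "bare_vbs": 'application/octet-stream; name=update.vbs',
    "plain_pdf": 'application/pdf; name="report.pdf"',
    "lookalike": 'text/plain; name=notes.compressed.txt',
    "no_name": 'text/plain; charset=us-ascii',
}

def hits(header):
    """Return the sorted names of the patterns that match one header value."""
    return sorted(n for n, rx in PATTERNS.items() if rx.search(header))

def report():
    """Map each sample label to the patterns that flag it."""
    return {label: hits(value) for label, value in SAMPLES.items()}

if __name__ == "__main__":
    for label, matched in report().items():
        print(f"{label:12} {matched}")
```

The as-posted pattern flags the harmless PDF, and the unanchored unquoted pattern flags notes.compressed.txt because ".com" appears inside the name.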