Autor: jpff Fecha: A: exim-users, jpff Asunto: [Exim] (no subject)
Date: Tue, 9 Dec 2003 15:42:44 +0000
Message-ID: <1191-Tue09Dec2003154244+0000-jpff@???>
X-Mailer: emacs 21.3.1 (via feedmail 11-beta-1 I)
From: jpff@???
BCC: jpff@???
To: exim-users@???
Subject: Dealing with executables
I am asking this on behalf of my day job and the system staff....
For some time we have had a system filter derived from Nigel
Metheringham's one to catch Windows executables, and return a polite
message saying that we do not accept raw executables, and please zip
it if the sender really meant to sent it. At some stage, unknown, but
possibly when upgrading to exim4, this ceased to work always. It
works when executables are mailed from inside (we can test that
easily), but we noticed (well actually I noticed and questioned) that
the "Microsoft Security patches" malware was getting through, although
it contains an .exe file.
I suspect that with exim4/exiscan one should use the demime option in
acl_check_content to set acl_m0 and then have a router that fires on
that and does the mail to $return_path in a pipe transport. Is the
accepted way, or is there some simple thing I have missed?