Author: Jonathan Vanasco
Date:
To: Exim-users
Subject: Re: [Exim] MyDoom filtering?

Has anyone come up with a pattern to regex against the zipped
attachment?
It just seems so silly to unpack and scan hundreds of attachments that
are coming in for this virus.
I would love an ACL trick that does some flow like this:

    deny if demimed attachment regexes true to prevalent virus of the week
    deny if demimed / unzipped demimed attachment returns true from pipe to virus scanning app
    accept
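
An added example, not part of the original post: ZIP local file headers carry member names uncompressed, so the first "deny" step in the flow above can match on names without unpacking anything, and everything else goes on to the scanner. The function names, the extension list and the sample archives are assumptions constructed for illustration.

```python
import io
import re
import struct
import zipfile

LOCAL_HEADER = b"PK\x03\x04"  # ZIP local file header signature
# Assumption: extensions to refuse inside a ZIP; tune to local policy.
BLOCKED = re.compile(rb"\.(exe|scr|pif|com|bat|cmd)\s*$", re.IGNORECASE)

def zip_member_names(data, limit=64):
    """Read member names from local file headers without decompressing."""
    names, pos = [], 0
    while len(names) < limit:
        pos = data.find(LOCAL_HEADER, pos)
        if pos < 0 or pos + 30 > len(data):
            break
        # Name length sits at offset 26 of the 30-byte fixed header.
        (name_len,) = struct.unpack_from("<H", data, pos + 26)
        name = data[pos + 30 : pos + 30 + name_len]
        if len(name) < name_len:
            break  # truncated attachment
        names.append(name)
        pos += 30 + name_len
    return names

def triage(attachment):
    """Return 'deny' on a blocked member name, else 'scan' (hand to AV)."""
    if attachment.startswith(LOCAL_HEADER):
        if any(BLOCKED.search(n) for n in zip_member_names(attachment)):
            return "deny"
    return "scan"

def build_sample(member_name):
    """Constructed sample: a ZIP holding one harmless text payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "harmless placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name in ("readme.txt", "document.txt      .scr"):
        print(name, "->", triage(build_sample(name)))
```

Signature bytes that happen to occur inside member data can yield spurious names, so treat a match as a cheap pre-filter and keep the virus scanner as the second step for everything that is not denied.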