Nigel Metheringham [2/4/2004 8:15 PM] :
> Its gone.
> However is it in debian's exim3 packages or other similar sources?
> If so can we get it removed as a security fix?
Speak of the devil. Somebody got a characteristic exim_filter /
system_filter bounce from an antique cpanel install of exim 4.24 (taht's
another place you can look for old copies still in production).
Forwarded the bounce to Dave Farber's list as "an example of how
clueless spam filters can be"
My reply to IP is below ... though thanks to some kind of mental block I
kept calling it exim_filter instead of system_filter
> Dave Farber [2/4/2004 8:13 PM] :
>
>> Below is an example of one of two things:
>>
>> 1> .zip files do NOT and can NOT contain viri or other forms of malware, or
>>
>> 2> anti-spam software is teaching the bad guys how to get around and past the
>> anti-spam software.
>
>
>
> Actually, this is an indication that the exim mailserver below is configured with an ancient "exim_filter" script, use of which has long been deprecated in favor of other methods of filtering, such as exiscan_acl (http://duncanthrax.net/exiscan-acl/)
>
> Back when exim_filter was in use (abuot two years back?) virii that came in zips, or even password protected zips, weren't all that common. And this particular exim_filter treats attachments with the .eml extension (like stuff forwarded as an attachment by outlook) as malware.
>
>>>> epsiloncl4.hostspectrum.com with local (Exim 4.24)
>
> Your friend's webhost just has to upgrade his exim version, and use exiscan-acl instead of the old exim_filter script.
>
> BTW, exim / http://www.exim.org is a really good GPL'd mailserver, the default mailserver supplied with the cpanel webhosting application (and with debian linux).
>
> srs
>
