[...]
> I note that the current exiscan docs have as an example:
>
> deny message = This message contains malware ($malware_name)
>      demime = *
>      malware = *
[...]
> Are you suggesting that the ACL action should be an accept/freeze,
> rather than a deny?
As others have said, 'deny' is the right thing to do. But just to give
everyone a laugh - I was using accept/freeze last night to trap an example
of a particular virus. Worked a treat - until auto_thaw kicked in later
:-(

Actually, going further OT ... in exiscan-acl-spec.txt (-14) there is a
nice example:-

  # Freeze .exe and .doc files. Postmaster can
  # examine them and eventually thaw them up.
  deny log_message = Another $found_extension file.
       demime = exe:doc
       control = freeze

which really ought to be an 'accept', I believe.

HTH,
Richard