Re: [Exim] Encrypted Viruii

Author: Tom Kistner
Date:  
To: Ron McKeating
CC: Dennis Davis, Exim-Users (E-mail)
Subject: Re: [Exim] Encrypted Viruii
Ron McKeating wrote:

> Surely this attachment is mime encoded and we could detect it with the
> mime acl in exiscan ?


*MIME ACL Advertisement!*

You can process the contents of the ZIP files in the MIME ACL like this:

deny message = Blacklisted file type found in .zip file ($acl_m0)
      condition = ${if match \
                       {${lc:$mime_filename}}\
                       {\N(?i)\.zip\N} {1}{0}}
      decode = zipfile.zip
      set acl_m0 = ${run {check_zip.sh $mime_decoded_filename}}
      condition = $runrc


The check_zip.sh should be a script that returns zero if the .zip
(passed as command line argument) is OK, and >0 if the .zip is stinky.
It can additionally return stuff on STDOUT that will end up in $acl_m0
for further processing (or, in this case, acts as a human-readable error
message).

/tom
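
One way to write the check_zip.sh described above, as an added example that is not part of the original post or of exiscan: it lists the archive's member names with Info-ZIP `unzip -Z1` and rejects on an extension blacklist. The `scan_names` helper, the extension list and exit code 2 for an unreadable archive are assumptions made for this example.

```sh
#!/bin/sh
# check_zip.sh: added example, not the author's script.
# Contract from the post: exit 0 if the .zip is OK, >0 if not; STDOUT ends up in $acl_m0.

# Assumed blacklist of extensions (illustrative; adjust to local policy).
BAD_EXT='exe|scr|pif|com|bat|cmd|vbs|js'

# scan_names: read member names on stdin, one per line.
# Prints the first blacklisted name (sanitised) and returns 1; returns 0 if none match.
scan_names() {
    # Lower-case first; allow trailing dots/spaces, which Windows drops from names.
    hit=$(tr 'A-Z' 'a-z' | grep -E "\.($BAD_EXT)[. ]*\$" | head -n 1)
    [ -n "$hit" ] || return 0
    # The name is sender-controlled and lands in the SMTP reply: keep it short and plain.
    printf '%s\n' "$hit" | tr -cd 'a-z0-9._/ -' | cut -c1-80
    return 1
}

# check_zip FILE: list members without extracting anything, then scan the names.
# Returns 0 = OK, 1 = blacklisted member, 2 = listing failed (fail closed; an assumption).
check_zip() {
    # Ordinary password-protected zips keep member names in clear, so listing still works.
    names=$(unzip -Z1 "$1" 2>/dev/null) || { echo "unreadable zip"; return 2; }
    printf '%s\n' "$names" | scan_names
}

# Run as a script only when a file argument is given (as the ACL's ${run ...} does).
if [ $# -gt 0 ]; then
    check_zip "$1"
    exit $?
fi
```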