Re: [Exim] Encrypted Viruii

Etusivu
Poista viesti
Vastaa
Lähettäjä: Chris Edwards
Päiväys:  
Vastaanottaja: Rossz Vamos-Wentworth
Kopio: Exim-users
Aihe: Re: [Exim] Encrypted Viruii
On Thu, 4 Mar 2004, Rossz Vamos-Wentworth wrote:

| How would I detect a passworded archive with Exiscan-ACL? I figure I'd
| set something like "X-Scanned: No" in the header and use a system filter
| to make the subject change.


You can recognise encrypted zip attachments from the Base64 encoding like
this:

condition = ${if match{$message_body:}{ UEsDB....[Q-Za-fw-z0-9\+/]}{yes}{no}}

Note:

- There's TWO spaces specifically to match start of attachment
(blankline+newline).

- Need message_body_visible set to something reasonable e.g at least 50000

For the derivation see:

http://www.exim.org/pipermail/exim-users/Week-of-Mon-20040301/067645.html

--
Chris Edwards, Glasgow University Computing Service