[Exim] demime check question..

Top Page
Delete this message
Reply to this message
Author: Brian
Date:  
To: exim-users
Subject: [Exim] demime check question..
Hello all,

In trying to block pif/bat/scr.. I've not been able to get this simpler
looking demime check to work.

# this just doesn't work :(
#deny message   = This message contains an attachment of a type which we
do not accept. (.$found_extension)
# demime        = bat:cmd:com:exe:hta:pif:prf:lnk:scr:shm:vbs:wcs:wsh



acl_smtp_data           = acl_check_data
acl_smtp_mime           = acl_check_mime


these are my acls

acl_check_data:

deny message    = This message contains malformed MIME ($demime_reason).
  demime         = *
  condition      = ${if >{$demime_errorlevel}{2}{1}{0}}


require verify = header_syntax

require verify = header_sender

# this just doesn't work :(
deny message    = This message contains an attachment of a type which we
do not accept. (.$found_extension)
  demime         = bat:cmd:com:exe:hta:pif:prf:lnk:scr:shm:vbs:wcs:wsh


# Reject virus infested messages.
deny message    = This message contains malware ($malware_name)
  demime         = *
  malware        = *


(etc .. )
acl_check_mime:

# Decode MIME parts to disk. This will support virus scanners later.
warn decode = default

# this just doesn't work :(
#deny message   = This message contains an attachment of a type which we
do not accept. (.$found_extension)
# demime        = bat:cmd:com:exe:hta:pif:prf:lnk:scr:shm:vbs:wcs:wsh


# File extension filtering.
# This works
deny message    = blocked file extension: [$mime_filename]
  condition      = ${if match  {${lc:$mime_filename}} \


{\N(\.bat|\.cmd|\.com|\.exe|\.hta|\.pif|\.prf|\.lnk|\.scr|\.shm|\.vbs|\.wcs|\.wsh)$\N}
\
{1}{0}}

(etc.. )


In my logs I get messages from the acl_check_mime check which uses
(\.bat|\.pif\.scr) ..

I'd like to use bat:pif:scr ..

How do I do that?