Re: [Exim] Auto bounce under some conditions

Top Page
Delete this message
Reply to this message
Author: Peter Bowyer
Date:  
To: exim-users
Subject: Re: [Exim] Auto bounce under some conditions
rtm <hunte@???> wrote:
> To battle against virus, it's considered that add some new facility
> to current Exim-based email system.: when exim recevied an email
> message which contains particular type of attachment files, it reject
> message and bounce a message to inform both sender and recevier.
>


Be *very* careful you don't start autoreplying to a worm, then, thus
contributing to the problem instead of the solution.

> The exim is v 4.34 with exiscan-acl patch. Some snippets from
> exim.conf is:
> ...
> acl_smtp_data                 = acl_check_data
> ...
> acl_check_data:
>     discard message       = This is LoveGate.x virus.
>             condition     =
> ${lookup{$h_subject:}lsearch{/etc/exim/virus/lovegate.x.title}{$value}}

>
>     deny    message       = The server rejected attachment with
> extension: $found_extension
>             demime        = exe:com:vbs:bat:pif:scr:zip


Since you've already got exiscan-acl running, why not take the small extra
step to use a proper malware scanner such as clamav? It will do a much
better job at detection with no manual intervention from you when a new worm
comes along. It will return the name of the virus it found in an expansion
variable so you can use it in a condtion if you need to.

> The problem is when "deny", how to auto-bounce a message to tell the
> sender that the attachment type is forbided and tell the receiver
> that some user has ever sent an message with an forbied attachment
> type?


Look at the 'fakereject' control - you may be able to make it do what you
want.

Peter