rtm <hunte@???> wrote:
> To battle against virus, it's considered that add some new facility
> to current Exim-based email system.: when exim recevied an email
> message which contains particular type of attachment files, it reject
> message and bounce a message to inform both sender and recevier.
>
Be *very* careful you don't start autoreplying to a worm, then, thus
contributing to the problem instead of the solution.
> The exim is v 4.34 with exiscan-acl patch. Some snippets from
> exim.conf is:
> ...
> acl_smtp_data = acl_check_data
> ...
> acl_check_data:
> discard message = This is LoveGate.x virus.
> condition =
> ${lookup{$h_subject:}lsearch{/etc/exim/virus/lovegate.x.title}{$value}}
>
> deny message = The server rejected attachment with
> extension: $found_extension
> demime = exe:com:vbs:bat:pif:scr:zip
Since you've already got exiscan-acl running, why not take the small extra
step to use a proper malware scanner such as clamav? It will do a much
better job at detection with no manual intervention from you when a new worm
comes along. It will return the name of the virus it found in an expansion
variable so you can use it in a condtion if you need to.
> The problem is when "deny", how to auto-bounce a message to tell the
> sender that the attachment type is forbided and tell the receiver
> that some user has ever sent an message with an forbied attachment
> type?
Look at the 'fakereject' control - you may be able to make it do what you
want.
Peter
