Re: [Exim] Auto bounce under some conditions

Author: rtm
Date:  
To: Peter Bowyer, exim-users
Subject: Re: [Exim] Auto bounce under some conditions
----- Original Message -----
From: "Peter Bowyer" <peter@???>
To: <exim-users@???>
Sent: Thursday, July 15, 2004 2:04 PM
Subject: Re: [Exim] Auto bounce under some conditions


> rtm <hunte@???> wrote:
> > To battle against viruses, we are considering adding a new facility
> > to the current Exim-based email system: when exim receives an email
> > message which contains a particular type of attachment file, it rejects
> > the message and bounces a message to inform both sender and receiver.
> >
>
> Be *very* careful you don't start autoreplying to a worm, then, thus
> contributing to the problem instead of the solution.


Oops, I forgot this. If the sender is a worm, the system will auto-reply
with a large number of nonsense emails. Thanks.

>
> > Exim is v4.34 with the exiscan-acl patch. Some snippets from
> > exim.conf are:
> > ...
> > acl_smtp_data                 = acl_check_data
> > ...
> > acl_check_data:
> >     discard message       = This is LoveGate.x virus.
> >             condition     = ${lookup{$h_subject:}lsearch{/etc/exim/virus/lovegate.x.title}{$value}}
> >
> >     deny    message       = The server rejected attachment with extension: $found_extension
> >             demime        = exe:com:vbs:bat:pif:scr:zip
>
> Since you've already got exiscan-acl running, why not take the small extra
> step to use a proper malware scanner such as clamav? It will do a much
> better job at detection with no manual intervention from you when a new worm
> comes along. It will return the name of the virus it found in an expansion
> variable so you can use it in a condition if you need to.
>
> > The problem is, on "deny", how to auto-bounce a message to tell the
> > sender that the attachment type is forbidden and tell the receiver
> > that some user has sent a message with a forbidden attachment
> > type?
>
> Look at the 'fakereject' control - you may be able to make it do what you
> want.


I know your opinion: use an AV product to scan email, is that it? Yes, we have
RAV installed, but in some extreme circumstances, RAV or another
AV scanner can't work properly, for example, with a new worm which is still not
recognizable by the AV scanner. This will cause a big problem. This year, we
face one of these cases.

>
> Peter
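
An added illustration, not part of the original messages and not Exim code: a Python stand-in for the `demime = exe:com:vbs:bat:pif:scr:zip` check quoted above, returning its verdict as the SMTP response to DATA so that no new message is generated toward a possibly forged sender. The function names and the sample message are constructed for this example.

```python
import email
from email import policy

# Same extension list as the demime condition quoted in the thread.
BLOCKED = {"exe", "com", "vbs", "bat", "pif", "scr", "zip"}

# Constructed sample: the attachment name appears only in Content-Type,
# uses a double extension, and is upper-cased.
SAMPLE = (
    b"From: someone@example.org\r\n"
    b"To: user@example.com\r\n"
    b"Subject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"see attachment\r\n"
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="notes.txt.PIF"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"AAAA\r\n"
    b"--b1--\r\n"
)

def blocked_extensions(raw):
    """Return blocked extensions found on any MIME part, in order seen."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename= and falls
        # back to Content-Type name=, decoding RFC 2231 parameters.
        name = part.get_filename()
        if not name or "." not in name:
            continue
        ext = name.rsplit(".", 1)[1].strip().lower()  # final extension only
        if ext in BLOCKED and ext not in found:
            found.append(ext)
    return found

def data_verdict(raw):
    """SMTP reply code and text to give at the end of DATA."""
    found = blocked_extensions(raw)
    if found:
        # A 5xx here leaves any bounce to the connecting host; the
        # receiving server itself never mails the envelope sender.
        return 550, "The server rejected attachment with extension: " + found[0]
    return 250, "OK"
```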