Hi Tom,
thanks that it is now possible to use "demime" and "malware" in the
"acl_not_smtp = ..." ACL.
 ^^^^^^^^^^^^
But there is still the problem that the .../scan/XXXXXX-YYYYYY-ZZ
directories are NOT removed in case of rejection.
Relevant settings from my config:
| av_scanner = clamd:/usr/local/clamav/etc/clamd
| acl_not_smtp = check_not_smtp
|
| check_not_smtp:
|
|   require verify = header_syntax
|   require verify = header_sender
|
|   deny    message = Sender <$sender_address> banned at "$qualify_domain".
|           log_message = Sender banned (sender_reject for $recipients)
|           senders = dbm*@;DBM/sender_reject : *@dbm;DBM/sender_reject
|
|   deny    message = Message has serious MIME error ($demime_reason)
|           log_message = MIME error ($demime_reason)
|           demime = *
|           condition = ${if >{$demime_errorlevel}{2}{1}{0}}
|
|   deny    condition = ${if !eq {$sender_address}{}{yes}{no}}
|           message = Message contains banned file extension ($found_extension)
|           log_message = Banned file extension ($found_extension)
|           demime = src:vbs:bat:lnk:pif
|
|   deny    condition = ${if !eq {$sender_address}{}{yes}{no}}
|           message = Message contains malware ($malware_name)
|           log_message = Malware ($malware_name)
|           malware = *
|
|   accept
My workaround is in /etc/crontab:
4 */1 * * * root /usr/sbin/tmpwatch --quiet -m -a -f 1 /var/spool/exim/scan
but I don't like it.
Kind regards _______________________________________________________________
Frank Elsner / c/o Technische Universitaet Berlin |
____________/ ZRZ, Sekr. E-N 50 |
| Einsteinufer 17 |
| Phone: +49 30 314 23897 D-10587 Berlin |
| eMail: Elsner@??? Germany ____________|
|_________________________________________________________________| Exim rulez
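
An added example, not part of the original message and not Exim code: a cleanup that removes a scan directory only when no queued message still owns it, instead of deleting by age alone as the tmpwatch line does. The function name is hypothetical, and it assumes scan directories are named after the message id (the XXXXXX-YYYYYY-ZZ form above) and that a queued message has a matching `-H` file under `input/`, directly or one level down when the spool is split.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from Exim or the original post).
# Assumed layout: $SPOOL/scan/<message-id>/ holds unpacked content, and a
# message still on the queue has $SPOOL/input/<message-id>-H, or
# $SPOOL/input/<char>/<message-id>-H when the spool directory is split.
clean_orphan_scan_dirs() {
    spool=$1
    min_age=${2:-60}      # minutes; younger directories may still be in use
    removed=0
    for dir in "$spool"/scan/*; do
        # Only real directories; never follow a symlink planted in scan/.
        [ -d "$dir" ] || continue
        if [ -L "$dir" ]; then continue; fi
        id=${dir##*/}
        # Touch nothing that is not shaped like XXXXXX-YYYYYY-ZZ.
        case $id in
            ??????-??????-??) ;;
            *) continue ;;
        esac
        # Skip directories whose message is still queued.
        if [ -e "$spool/input/$id-H" ] ||
           ls "$spool"/input/*/"$id-H" >/dev/null 2>&1; then
            continue
        fi
        # Skip directories modified within the last $min_age minutes.
        if [ -n "$(find "$dir" -maxdepth 0 -mmin +"$min_age")" ]; then
            rm -rf -- "$dir"
            removed=$((removed + 1))
        fi
    done
    echo "$removed"       # number of directories removed
}

# Example crontab use, after sourcing this file (path is an assumption):
#   clean_orphan_scan_dirs /var/spool/exim 60
```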