You don't want to drop the connection...as somebody else on the list
said, you need to return a failure or else the sender's MTA will keep
retrying.
Exim conf:
--snip--
av_scanner = cmdline:\
/usr/local/uvscan/uvscan --noboot --unzip -r --mime --analyse %s:\
Found:the (.+) virus
--snip--
Data ACL:
--snip--
deny
message = This message contains a virus ($malware_name)
malware = *
--snip--
Result:
2004-10-21 08:13:52 1CKboi-0007FL-57 H=(hk.sina.com.hk) [202.85.139.162]
F=<> rejected after DATA: This message contains a virus (W32/Netsky.d@MM)
I incorporated a TON of other checks in a bunch of ACLs that was posted
to the list a few weeks back...very rarely does a virus even get to the
data ACL because it violates some other policy and gets rejected
beforehand. Saves me the overhead of SpamAssassin, demime and virus
scanning.
Sam
Daniel Chénard wrote:
> Hi, I'm realy new with exim. I'm sorry to say that but i like better
> sendmail than exim. Maybe it's because I dont know very well exim.
>
> I must supervise some server with exim and I look than an email with a
> virus fall back to the sender ( often it's a wrong sender...).
>
> my ACL is
>
> drop message = This message contains malware ($malware_name)
> log_message = MALWARE: $malware_name
> malware = *
> demime = *
>
>
> I have try to set it to deny but I have the same problem.
>
> Can I drop the smtp connexion when exim found a virus?
> I can do that with sendmail and milter but I must to do it with exim...
>
> Thank
>
>
>
>
