Off the top of my head, you could just pipe the whole message to a Perl
script if it has a .[\w\w\w].zip and have that alter the message.

I'm just thinking that it might be easiest to do as much of this
outside of exim as possible -- and just have exim handle the analysis.
I'm probably dreadfully wrong on this though, and someone will chime
in on what an idiot I am.

On Nov 21, 2004, at 12:54 PM, Marc Perkel wrote:
> I'd like to do the following and wonder if someone can save me the
> time of figuring it out myself and maybe do a better job than I can.
>
> As you know many viruses are now ZIP file format. I personally block
> all windows executable attachments and therefore prevent new viruses
> from being spread - but - I can't block ZIP files and I count on
> ClamAV to do my virus scanning.
>
> But - that still leaves open a time window between when a virus is
> first launched and when the virus definitions are updated to stop it.
> And that worries me. Some windows configs - by default - hide the file
> extensions. So an attached virus named PASSWORD.DOC.zip appears to be
> PASSWORD.DOC.
>
> What I want to do is to alter the front of the message to include a
> possible virus warning. Maybe the subject as well. The message will be
> something like:
>
> "Warning - this message contains an attached file named
> PASSWORD.DOC.zip and there is a possibility it contains a new virus
> that the virus filter has not caught. Be careful opening messages with
> ZIP attachments that you are not expecting because if this message is
> a virus it can damage your computer and cause you to lose your data.
> If the message is suspicious in any way - do not open the attached ZIP
> file."
>
> I'm using exiscan so I guess I would tag the message with a header and
> then use a filter rule to alter the message?
>
> If I do it - I'll share my solution. But I'd rather one of you wizards
> out there who are really good at this write this first and do it
> correctly.
>
> Thanks in Advance
>
> Marc Perkel
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> Exim details at http://www.exim.org/ ##
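
The approach discussed in this thread (hand the message to an external script, flag NAME.EXT.zip attachments, and alter the message), sketched as an added example that is not from either poster. It uses Python rather than the Perl script suggested; the `X-Zip-Warning` header, the `[POSSIBLE VIRUS]` subject tag and the function names are assumptions made for illustration, and the sample message is constructed.

```python
import re
from email import message_from_string, policy

# The reply's ".[\w\w\w].zip" idea made concrete: 3-char extension, then .zip
DOUBLE_EXT_ZIP = re.compile(r"\.\w{3}\.zip$", re.IGNORECASE)
WARNING = ("Warning - this message contains an attached file named {names}\n"
           "and there is a possibility it contains a new virus that the virus\n"
           "filter has not caught.\n\n")

def suspicious_names(msg):
    """Filenames of MIME parts that look like NAME.EXT.zip."""
    names = (part.get_filename() for part in msg.walk())
    return [n.strip() for n in names if n and DOUBLE_EXT_ZIP.search(n.strip())]

def tag_message(raw):
    """Return the message, tagged if a double-extension ZIP is attached."""
    msg = message_from_string(raw, policy=policy.default)
    names = ", ".join(suspicious_names(msg))
    if not names:
        return raw  # nothing to warn about: pass through unchanged
    msg["X-Zip-Warning"] = names  # hypothetical header a filter rule could use
    subject = str(msg.get("Subject", ""))
    del msg["Subject"]
    msg["Subject"] = "[POSSIBLE VIRUS] " + subject
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:  # prepend the warning to the plain-text part
        body.set_content(WARNING.format(names=names) + body.get_content())
    return msg.as_string()

# Constructed sample message (not real mail)
SAMPLE = """\
Subject: your document
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="us-ascii"

See attached.
--BOUND
Content-Type: application/zip; name="PASSWORD.DOC.zip"
Content-Disposition: attachment; filename="PASSWORD.DOC.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--BOUND--
"""
```

Calling `tag_message(SAMPLE)` returns the rewritten message text; a message whose ZIP attachment has a single extension comes back unchanged.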