Re: [exim] Inserting virus warnings in the front of an email…

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: exim-users
Subject: Re: [exim] Inserting virus warnings in the front of an email message
If possible I'd like an Exim solution that is simple and elegant.

jonathan vanasco wrote:

>
> Off the top of my head, you could just pipe the whole message to a
> Perl script if it has a .[\w\w\w].zip and have that alter the message
>
> I'm just thinking that it might be easiest to do as much of this
> outside of exim as possible -- and just have exim handle the analysis.
>
> I'm probably dreadfully wrong on this though, and someone will chime
> in on what an idiot i am.
>
>
>
> On Nov 21, 2004, at 12:54 PM, Marc Perkel wrote:
>
>> I'l like to do the following and wonder if someone can save me the
>> time of figuring it out myself and maybe do a better job than I can.
>>
>> As you know many viruses are now ZIP file format. I personally block
>> all windows executable attachments and therefore prevent new viruses
>> from being spread - but - I can't block ZIP files and I count on
>> ClamAV to do my virus scanning.
>>
>> But - that still leave open a time window between when a virus is
>> first launched and when the virus definitions are updated to stop it.
>> And that worries me. Some windows configs - by default - hide the
>> file extensions. So an attached virus named PASSWORD.DOC.zip appears
>> to be PASSWORD.DOC.
>>
>> What I want to do is to alter the front of the message to include a
>> possible virus warning. Mabe the subject as well. The message will be
>> something like:
>>
>> "Warning - this message contains an attached file named
>> PASSWORD.DOC.zip and there is a possibility it contains a new virus
>> that the virus filter has not caught. Be careful opening messages
>> with ZIP attachments that you are not expecting because if this
>> message is a virus it can damage your computer and cause you to lose
>> your data. If the message is suspicious in any way - do not open the
>> attached ZIP file."
>>
>> I'm using exiscan so I guess I would tag the message with a header
>> and then use a filter rule to alter the message?
>>
>> If I do it - I'll share my solution. But I'd raher one of you wizards
>> out that who are really good at this write this first and do it
>> correctly.
>>
>> Thanks in Advance
>>
>> Marc Perkel
>>
>>
>> --
>> ## List details at http://www.exim.org/mailman/listinfo/exim-users
>> Exim details at http://www.exim.org/ ##
>
>
>