[exim] exim4

Author: fhuet
Date:  
CC: exim-users
Old subjects: Re: [exim] Exiscan letting through Viruses
Subject: [exim] exim4
Hello,


Well, I sent myself a mail with an *.exe as an attachment.
In my system-filter.exim, I asked exim4 to reject exe, pif, src, etc.
It seems to be done. But I have no message that this mail was rejected.

How, as recipient, can I be informed that someone tried to send me a
mail with an attachment?

Here is exim4.conf in main:


#!!# message_filter renamed system_filter
system_filter = /etc/exim4/system_filter.exim
message_body_visible = 5000
#!!# message_filter_reply_transport renamed system_filter_reply_transport
system_filter_reply_transport = address_reply


And by the way, clamav seems not to work:
av_scanner = clamd:/var/run/clamav/clamd.pid


Here is my system_filter.exim:
# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
then
  mail to $return_path
       subject "Mail rejected: Executable attachment $1 not permitted."
       text "Your message to $h_to: has been rejected because it has\n\
            potentially executable content $1."
       file /etc/exim/attachment-reject.txt
  seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
then
  mail to $return_path
       subject "Mail rejected: Executable attachment $1 not permitted."
       text "Your message to $h_to: has been rejected because it has\n\
            potentially executable content $1."
       file /etc/exim/attachment-reject.txt
  seen finish
endif



Thanks

Franck
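
Added example, not part of the original post: a Python check of what the two `matches` patterns in the filter above reduce to after Exim's two rounds of backslash processing (quoted string, then string expansion), run against constructed Content-Type values. The unescaping is simplified and Python's `re` stands in for PCRE; both are assumptions, as are all function names.

```python
import re

# Extension list copied from the filter on this page.
EXTS = (r"ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|"
        r"md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]")
# The two patterns exactly as typed between the double quotes in the filter file.
QUOTED_SRC = r'(?:file)?name=(\"[^\"]+\\\\.(?:' + EXTS + r')\")'
UNQUOTED_SRC = r'(?:file)?name=(\\\\S+\\\\.(?:' + EXTS + r'))'

def strip_layer(s):
    """Remove one level of backslash escaping (simplified: only \\n is special)."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append("\n" if s[i + 1] == "n" else s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)

def effective_regex(filter_text):
    """Quoted-string processing, then string expansion: two layers in total."""
    return strip_layer(strip_layer(filter_text))

# Lower-case 'matches' in an Exim filter compares without regard to case.
RULES = [("quoted", re.compile(effective_regex(QUOTED_SRC), re.I)),
         ("unquoted", re.compile(effective_regex(UNQUOTED_SRC), re.I))]

def first_hit(content_type):
    """Return (rule name, $1) for the first rule that fires, else None."""
    for name, rx in RULES:
        m = rx.search(content_type)
        if m:
            return name, m.group(1)
    return None

# Constructed sample Content-Type header values (not taken from the page).
SAMPLES = ['application/octet-stream; name="setup.EXE"',
           'application/x-msdownload; name=invoice.scr',
           'application/pdf; name="report.pdf"',
           'text/plain; name=notes.company.txt']  # unanchored pattern: false positive

if __name__ == "__main__":
    print(effective_regex(QUOTED_SRC))
    for value in SAMPLES:
        print(f"{value!r:55} -> {first_hit(value)}")
```

The last sample shows that the unquoted rule is not anchored at the end of the filename, so it also fires on a harmless name that merely contains a listed extension after a dot.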