[exim] Content virus scanning in MIME ACL (4.51) -- code, d…

Author: Herb Martin
Date:  
To: exim-users
Subject: [exim] Content virus scanning in MIME ACL (4.51) -- code, documentation problem, or port problem?
Is the following DENY valid from within the MIME acl check?

  deny message = This message contains malware ($malware_name)
     decode    = default
     malware   = */defer_ok


[Is there a better way?]

In Tim Jackson's excellent "How To" (published before the
adoption of content scanning into Exim proper):
http://www.timj.co.uk/linux/Exim-SpamAndVirusScanning.pdf

...it indicates this method as the following without "decode":

How To -- 6.2.5.2. In the MIME ACL (page 15):

  deny message = This message contains malware: ($malware_name)
       malware = *


Both methods give scan ERRORS under Exim 4.51 on Cygwin so
we are trying to ensure that this is supposed to work and that
I have the syntax correct. (Note: I am not seeking help to
debug on Cygwin, merely confirmation or correction of the
syntax acceptable to Exim in general.)

From the Exim Specification 40.3 Scanning MIME parts:
http://www.exim.org/exim-html-4.50/doc/html/spec_40.html#CHAP40
http://www.exim.org/exim-html-4.50/doc/html/spec_40.html#SECT40.3

...'decode' is listed as a valid modifier within the MIME ACL, and
suggests this (which also gives an ERROR for me):

  deny message   = This message contains malware ($malware_name)
        decode = $mime_filename
       malware   = */defer_ok 


Section 40.1 Scanning for viruses:
http://www.exim.org/exim-html-4.50/doc/html/spec_40.html#SECT40.1

...implies that 'malware' is valid (only?) from within the
DATA ACL:

"When av_scanner is correctly set, you can use the malware
condition in the DATA ACL."

Due to Tim's article I have been assuming that this (in the spec)
was not a restrictive specification but merely incomplete due to
the new introduction of scanning to Exim proper.

All of the 40.1 examples show the scan from within DATA, using
the deprecated "demime":

  deny message = This message contains malware ($malware_name)
     demime = *
     malware = *


--
Herb Martin
HerbM@??? http://LearnQuick.Com
512 388 7339 -or- 1 800 MCSE PRO
Accelerated MCSE in a Week Seminars