> -----Original Message-----
> From: exim-users-bounces@???
> [mailto:exim-users-bounces@exim.org] On Behalf Of Fred Viles
> Sent: Wednesday, July 06, 2005 2:34 PM
> To: exim-users@???
> FYI, here's the exiscan portion of my DATA ACL:
>
> # Quarantine messages with MIME packaging errors
> warn message = X-quarantine: Serious MIME
> defect detected ($demime_reason). folder=badmime
> demime = *
> condition = ${if or { \
> {>{$demime_errorlevel}{1}} \
> {and { \
> {>{$demime_errorlevel}{0}} \
> {match
> {$demime_reason}{exceeds 76}} \
> } \
> } \
> }{yes}{no}}
What's special about 76+? Or more importantly perhaps,
where are these documented?
> # Quarantine messages with encrypted archives
> warn message = X-quarantine: Encrypted archive
> attached. folder=exe
> demime = *
> malware = Encrypted\..*
> accept
> demime = *
> malware = Encrypted\..*
This looks useful.
> # Reject virus infested messages
> deny message = This message contains malware ($malware_name)
> demime = *
> malware = *
>
> Adding an X-quarantine: header causes a redirect router to
> route the message to the specified maildir folder for admin review.
I don't think that I understand redirect routers --
my method of accomplishing this is to pick the directory
and file name based on such headers in my transport
section (I am already delivering to individual files in
the users folders -- and to a group of "malware catching"
folders):
(I am on Cygwin so some of the following may seem odd; I
don't fully understand it, except for the pathing items
which I re-coded from examples. The rest was straight cut and
paste.)
local_delivery:
driver = appendfile
directory = /cygdrive/C/MERCURY/MAIL/${if def:h_X-SuperSpam: \
{zsuperspam}{${if def:h_X-Spam-Exim: {zspamassassin}{$local_part}}}}
directory_file = q${base62:$tod_epoch}-$inode.${if def:h_X-SuperSpam: \
{cnm}{${if def:h_X-Spam-Exim:{cnm}{cnm}}}}
delivery_date_add
envelope_to_add
return_path_add
initgroups = no
mode = 0666
mode_fail_narrower = no
check_group = no
check_owner = no
The working result is that each mail either goes to the localpart
user OR a similar malware catching account.
The referenced user folders are the Pop locations for these
users accounts.