Re: [exim] Demime misses extensions (using Exim 4.34)

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Marc Sherman
Datum:  
To: exim-users
Betreff: Re: [exim] Demime misses extensions (using Exim 4.34)
Marc Haber wrote:
>
> How do I convert my demime statements
>
> |  deny
> |    demime = com:vbs:bat:pif:scr:exe
> |    message = no Windows executeables accepted here
> |    log_message = reject, $found_extension file


In the mime ACL:

deny
  condition = ${if match {$mime_filename}\
    {\N\.(com|vbs|bat|pif|scr|exe)$\N}}
  message = no Windows executeables accepted here
  log_message = reject, ${substr_-4_4:$mime_filename} file


> |  deny
> |    demime = *
> |    malware = */defer_ok
> |    condition = ${lookup{$malware_name}lsearch{CONFDIR/malware_reject}{yes}{no}}
> |    message = policy reject malware $malware_name
> |    log_message = rejectable malware found ($malware_name)
> |
> |  warn
> |    demime = *
> |    malware = */defer_ok
> |    log_message = malware found ($malware_name)
> |    set VAR_MALWARE_NAME = $malware_name


If you're using clamav, you can simply drop the demime from those
stanzas; clamav has been able to scan within mime attachments for quite
some time. If you're using a different virus scanner that cannot scan
within mime attachments on its own, you'll probably need to do something
with the decode modifier in the MIME acl, but as I use clavav, I'm not
sure what the exact syntax is.

http://exim.org/exim-html-4.62/doc/html/spec_html/ch40.html#SECTscanmimepart

- Marc