Marc Haber wrote:
>
> How do I convert my demime statements
>
> | deny
> | demime = com:vbs:bat:pif:scr:exe
> | message = no Windows executeables accepted here
> | log_message = reject, $found_extension file
In the mime ACL:
deny
condition = ${if match {$mime_filename}\
{\N\.(com|vbs|bat|pif|scr|exe)$\N}}
message = no Windows executeables accepted here
log_message = reject, ${substr_-4_4:$mime_filename} file
> | deny
> | demime = *
> | malware = */defer_ok
> | condition = ${lookup{$malware_name}lsearch{CONFDIR/malware_reject}{yes}{no}}
> | message = policy reject malware $malware_name
> | log_message = rejectable malware found ($malware_name)
> |
> | warn
> | demime = *
> | malware = */defer_ok
> | log_message = malware found ($malware_name)
> | set VAR_MALWARE_NAME = $malware_name
If you're using clamav, you can simply drop the demime from those
stanzas; clamav has been able to scan within mime attachments for quite
some time. If you're using a different virus scanner that cannot scan
within mime attachments on its own, you'll probably need to do something
with the decode modifier in the MIME acl, but as I use clavav, I'm not
sure what the exact syntax is.
http://exim.org/exim-html-4.62/doc/html/spec_html/ch40.html#SECTscanmimepart
- Marc
