Hi Exim Users,
I'm trying to modify our current content scanning ACL to allow for us
to save/quarantine copies of virally infected email that passes
through our mail servers. We are using both Sophos and Clam to do the
scanning and our current setup scanning ACL's look like this:
---
# Sophos
deny message = This message contains malicious software ($malware_name)
log_message =
VIRUS_DETAIL:[$recipients||$sender_host_address||$sender_address||$malware_name||SO]
set acl_m1 = sophie:/var/run/sophie.sock
demime = *
malware = */defer_ok
# ClamAV
deny message = This message contains malicious software ($malware_name)
log_message =
VIRUS_DETAIL:[$recipients||$sender_host_address||$sender_address||$malware_name||CL]
set acl_m1 = clamd:/var/run/clamav/clamd
demime = *
malware = */defer_ok
---
Basically what I would like to do is save a copy of any messages
identified as a virus by either of the scanners. I'm relatively new
to exim coming from a postfix and sendmail background so am learning
as I go here. What I considered adding was the following line after
each malware call:
condition = ${run {/bin/cp
/var/spool/exim/scan/$message_id/$message_id.eml
/var/spool/quarantine/Q-$message_id}{1}{1}}
My theory here is to copy the message to the quarantine folder after
it has been identified as viral.
I'm having it return 1 regardless of the result of the cp as i'm
assuming here that is the message processing actually gets to evaluate
the condition statement we already know the message is viral.
Is this an appropriate approach to achieving my goal? Is there a
better way to do what i'm wanting to do.
Many thanks in advance.
Cheers,
Marcus