Re: [exim] saving copies of virus infected mail?

Author: Chris Edwards
Date:  
To: Marcus Barczak
CC: exim-users
Subject: Re: [exim] saving copies of virus infected mail?
On Thu, 8 Jun 2006, Marcus Barczak wrote:

| Basically what I would like to do is save a copy of any messages
| identified as a virus by either of the scanners. I'm relatively new
| to exim coming from a postfix and sendmail background so am learning
| as I go here. What I considered adding was the following line after
| each malware call:
|
| condition = ${run {/bin/cp
| /var/spool/exim/scan/$message_id/$message_id.eml
| /var/spool/quarantine/Q-$message_id}{1}{1}}


Hi,

Check out:

control = fakereject

which gives the sender a 5xx rejection response, but then sneakily
proceeds to deliver the message as normal. The ACL entry might look
something like this (untested!):

  accept
    malware = *
    control = fakereject/This message is infested with malware


You will also want a redirect router to divert the message into your
quarantine box.

--
Chris Edwards, Glasgow University Computing Service
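
The two pieces this reply describes, put together as an added example (not configuration from the thread or from the Exim project): the DATA ACL records the scanner hit in an ACL variable, and a redirect router keyed on that variable diverts every recipient to the quarantine mailbox. The address `quarantine@example.org`, the macro `QUARANTINE_ADDR`, the variable `acl_m_malware` and the router name are assumptions, as is an Exim built with content scanning and a working `av_scanner` setting.

```exim
# Excerpts from three sections of the Exim configuration file.

# --- main section ---
# Assumed quarantine mailbox; must be deliverable by the later routers.
QUARANTINE_ADDR = quarantine@example.org
acl_smtp_data = acl_check_data

begin acl

acl_check_data:
  # Scanner hit: the sender sees a 5xx reply, but Exim keeps the message.
  # Modifiers run in order, so "set" executes only after malware = * matched.
  # acl_m variables are stored with the message and visible to routers.
  # (Exim releases without named ACL variables: use acl_m0 instead.)
  accept
    malware = *
    control = fakereject/This message is infested with malware
    set acl_m_malware = $malware_name

  accept

begin routers

# Place first, so flagged mail never reaches the normal delivery routers.
# The second test lets the redirected copy fall through to the routers
# below and be delivered to the quarantine mailbox itself.
quarantine_malware:
  driver = redirect
  condition = ${if and{{def:acl_m_malware}{!eqi{$local_part@$domain}{QUARANTINE_ADDR}}}}
  data = QUARANTINE_ADDR
  headers_add = X-Quarantine-Reason: $acl_m_malware
  no_verify
```

Because every recipient of a flagged message is rewritten to the same address, the quarantine mailbox receives one copy per message rather than one per recipient.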