Beber wrote:
> Hi,
>
> As noticed on
> http://exim.org/exim-html-4.62/doc/html/spec_html/ch40.html#id2674977
> variables used in spam ACL are "private" except $spam_score_int :
>
> When the spam condition is run, it sets up a number of expansion
> variables. With the exception of $spam_score_int, these are usable only
> within ACLs; their values are not retained with the message and so
> cannot be used at delivery time.
>
> I can't find this anywhere, but is there the same for virus check ?
>
> Thanks
>
AFAIK, the virus check (ClamAV here) is simpler.
ISTR all you get back is a hit/no hit and if a hit, a short string naming the
specific WinCrobe found.
If there *is* more, dunno what one could do with it anyway.
OTOH, once you kill off the zombie farms, missing 'A' and 'PTR' records,
wannabee MTA's on dynamic IP, there is not much left that ordinarily carries
viral payloads.
A rough look at our eximstats show 179 ClamAV hits out of over 100,000 arivals,
roughly 2/10's of 1%?
73% were blocked for other reasons, far more for rude and/or non-smtp behaviour
than SpamAssassin. (Dictionary username attacks, etc.)
The virals should drop further going forward, as a quick inspection shows most
arrived from sources where the entire network is now in dynamic IP hell.
Bill