Hi folks,
My google-fu has failed me, so hopefully someone here can help me out. I'm
using ClamAV for my content scanning and have a fairly simple config for it
in exim.
acl_check_content:
  <snip>
  deny message = This message contains unwanted content ($malware_name)
       malware = BC\.Heuristic.*
  <snip>
       malware = BC\.Heuristic\.Trojan.*

  warn log_message = This message contains suspicious content ($malware_name)
       message = X-Phishing: $malware_name
       malware = *
  <snip>
A router then quarantines anything with the X-Phishing header. But I need
one specific ClamAV test (Heuristics.Phishing.Email.SpoofedDomain) to add a
different header and then allow the rest of the checks to run as normal.
Logically, if I can add a "!malware =
Heuristics.Phishing.Email.SpoofedDomain" then I could do something like:
acl_check_content:
  warn log_message = This message contains suspicious content ($malware_name)
       malware = Heuristics.Phishing.Email.SpoofedDomain
       domains = sub1.example.com : sub2.example.com
       message = X-SpoofedDomain: yes
  warn log_message = This message contains suspicious content ($malware_name)
       !malware = Heuristics.Phishing.Email.SpoofedDomain
       domains = sub1.example.com : sub2.example.com
       message = X-Phishing: $malware_name
       malware = *

  warn log_message = This message contains unwanted content ($malware_name)
       domains = !sub1.example.com : !sub2.example.com
       message = X-Phishing: $malware_name
       malware = *
Does anyone know whether the negation of a specific test should work? All
the examples I've found so far only specify a behaviour for a
signature/test. Or if you know a better way of doing this, that'd be great!
I'm running Exim 4.84 on CentOS 6.5.
Thanks
Guy
--
Don't just do something...sit there!
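
Added example, not part of the original post and not Exim code: a small Python model of the three warn stanzas proposed above, showing which header each scan result would get if `!` simply inverts the `malware` condition. Assumptions: `malware = *` matches any detection, any other value is an unanchored regex, the `domains` condition is reduced to a boolean, and the second signature name is constructed.

```python
import re

# Pattern exactly as written in the post (dots left unescaped there too).
SPOOFED = r"Heuristics.Phishing.Email.SpoofedDomain"

def malware(pattern, scan_name):
    """Model of `malware = <pattern>`.

    scan_name is the name the scanner reported, or None for a clean message.
    Assumption: `*` matches any detection; anything else is an unanchored regex.
    """
    if scan_name is None:
        return False
    if pattern == "*":
        return True
    return re.search(pattern, scan_name) is not None

def headers_added(scan_name, rcpt_in_listed_domains):
    """Walk the three proposed warn stanzas in order and collect headers.

    `warn` never ends ACL processing, so every stanza is evaluated. Inside a
    stanza the conditions are ANDed; `!` is modelled as plain logical NOT.
    The `domains` condition is reduced to a boolean (assumption).
    """
    added = []
    spoofed = malware(SPOOFED, scan_name)
    # Stanza 1: the one specific test gets its own header.
    if spoofed and rcpt_in_listed_domains:
        added.append("X-SpoofedDomain: yes")
    # Stanza 2: negated test, then `malware = *` for every other detection.
    if (not spoofed) and rcpt_in_listed_domains and malware("*", scan_name):
        added.append("X-Phishing: " + scan_name)
    # Stanza 3: recipients outside the listed domains, any detection.
    if (not rcpt_in_listed_domains) and malware("*", scan_name):
        added.append("X-Phishing: " + scan_name)
    return added

if __name__ == "__main__":
    OTHER = "Example.Constructed.Signature"  # constructed name, not a real signature
    for name in (None, SPOOFED, OTHER):
        for listed in (True, False):
            print(name, listed, headers_added(name, listed))
```

In this model the negated test on its own is also true for a clean message, so the `malware = *` line that follows it is what keeps clean mail from being tagged.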