[exim] Viruses

Top Page
Delete this message
Reply to this message
Author: Lena
Date:  
To: exim-users
Subject: [exim] Viruses
> From: nb@???

> I'm receiving many spams my antivirus doesn't detect.


UNZIP = /usr/bin/unzip
UNRAR = /usr/local/bin/unrar
acl_smtp_mime = acl_check_mime
begin acl
acl_check_mime:
  deny message = Windows-executable attachments forbidden
       condition = ${if def:sender_host_address}
       !authenticated = *
       log_message = forbidden attachment: filename=$mime_filename, \
             content-type=$mime_content_type, recipients=$recipients
       condition = ${if or{\
               {match{$mime_content_type}{(?i)executable}}\
               {match{$mime_filename}{\N(?i)\.(exe|com|vbs|bat|\
   pif|scr|hta|js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|vb)$\N}}\
              }}


  deny set acl_m_att = ${if match{$mime_filename}{\N(?i)\.(zip|rar)$\N}{$1}}
       condition = ${if def:acl_m_att}
       message = A .$acl_m_att attachment contains a Windows-executable file \
                 - blocked because we are afraid of new viruses \
                 not recognized [yet] by antiviruses.
       condition = ${if def:sender_host_address}
       !authenticated = *
       decode = default
       log_message = forbidden binary in attachment: filename=$mime_filename, \
                     recipients=$recipients
       condition = ${if match{${run{${if eqi{$acl_m_att}{zip}\
                                {UNZIP -l}{UNRAR l}} $mime_decoded_filename}}}\
                             {\N(?i)\n .+\.(zip|rar|exe|com|vbs|bat|pif|scr|vb\
           |js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|hta)\n\N}}


accept