Thanks Lena.
As usual, your advice is good.
Your code works perfectly.
One thing strange however, there are two "550" strings included in the message.
How do you explain this ?
Here’s the message generated:
<nb@???>: host colibri.dagami.org[51.255.40.59] said: 550-A .zip
attachment contains a Windows-executable file - blocked because we 550 are
afraid of new viruses not recognized [yet] by antiviruses. (in reply to end
of DATA command)
Regards
nb
> Le 14 mars 2016 à 16:01, Lena@??? a écrit :
>
>> From: nb@???
>
>> I'm receiving many spams my antivirus doesn't detect.
>
> UNZIP = /usr/bin/unzip
> UNRAR = /usr/local/bin/unrar
> acl_smtp_mime = acl_check_mime
> begin acl
> acl_check_mime:
> deny message = Windows-executable attachments forbidden
> condition = ${if def:sender_host_address}
> !authenticated = *
> log_message = forbidden attachment: filename=$mime_filename, \
> content-type=$mime_content_type, recipients=$recipients
> condition = ${if or{\
> {match{$mime_content_type}{(?i)executable}}\
> {match{$mime_filename}{\N(?i)\.(exe|com|vbs|bat|\
> pif|scr|hta|js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|vb)$\N}}\
> }}
>
> deny set acl_m_att = ${if match{$mime_filename}{\N(?i)\.(zip|rar)$\N}{$1}}
> condition = ${if def:acl_m_att}
> message = A .$acl_m_att attachment contains a Windows-executable file \
> - blocked because we are afraid of new viruses \
> not recognized [yet] by antiviruses.
> condition = ${if def:sender_host_address}
> !authenticated = *
> decode = default
> log_message = forbidden binary in attachment: filename=$mime_filename, \
> recipients=$recipients
> condition = ${if match{${run{${if eqi{$acl_m_att}{zip}\
> {UNZIP -l}{UNRAR l}} $mime_decoded_filename}}}\
> {\N(?i)\n .+\.(zip|rar|exe|com|vbs|bat|pif|scr|vb\
> |js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|hta)\n\N}}
>
> accept
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
