Re: [exim] Viruses

Top Page
Delete this message
Reply to this message
Author: elrippo
Date:  
To: Lena, exim-users
Subject: Re: [exim] Viruses
Der Lena,
would you mind explaining where to put this exim4?

Am 14. März 2016 16:01:19 MEZ, schrieb Lena@???:
>> From: nb@???
>
>> I'm receiving many spams my antivirus doesn't detect.
>
>UNZIP = /usr/bin/unzip
>UNRAR = /usr/local/bin/unrar
>acl_smtp_mime = acl_check_mime
>begin acl
>acl_check_mime:
>  deny message = Windows-executable attachments forbidden
>       condition = ${if def:sender_host_address}
>       !authenticated = *
>       log_message = forbidden attachment: filename=$mime_filename, \
>             content-type=$mime_content_type, recipients=$recipients
>       condition = ${if or{\
>               {match{$mime_content_type}{(?i)executable}}\
>               {match{$mime_filename}{\N(?i)\.(exe|com|vbs|bat|\
>pif|scr|hta|js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|vb)$\N}}\
>              }}

>
>deny set acl_m_att = ${if
>match{$mime_filename}{\N(?i)\.(zip|rar)$\N}{$1}}
>       condition = ${if def:acl_m_att}
>message = A .$acl_m_att attachment contains a Windows-executable file \
>                 - blocked because we are afraid of new viruses \
>                 not recognized [yet] by antiviruses.
>       condition = ${if def:sender_host_address}
>       !authenticated = *
>       decode = default
>log_message = forbidden binary in attachment: filename=$mime_filename,
>\
>                     recipients=$recipients
>       condition = ${if match{${run{${if eqi{$acl_m_att}{zip}\
>                        {UNZIP -l}{UNRAR l}} $mime_decoded_filename}}}\
>                     {\N(?i)\n .+\.(zip|rar|exe|com|vbs|bat|pif|scr|vb\
>     |js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|hta)\n\N}}

>
> accept
>
>--
>## List details at https://lists.exim.org/mailman/listinfo/exim-users
>## Exim details at http://www.exim.org/
>## Please use the Wiki with this list - http://wiki.exim.org/


--