Hi,
Place it in "acl_check_data:"
I use the same. :)
>-------- Оригинално писмо --------
>От: elrippo elrippo@???
>Относно: Re: [exim] Viruses
>До: Lena@???,exim-users@???
>Изпратено на: 17.03.2016 16:47
Der Lena,
would you mind explaining where to put this exim4?
Am 14. März 2016 16:01:19 MEZ, schrieb Lena@???:
>> From: nb@???
>
>> I'm receiving many spams my antivirus doesn't detect.
>
>UNZIP = /usr/bin/unzip
>UNRAR = /usr/local/bin/unrar
>acl_smtp_mime = acl_check_mime
>begin acl
>acl_check_mime:
> deny message = Windows-executable attachments forbidden
> condition = ${if def:sender_host_address}
> !authenticated = *
> log_message = forbidden attachment: filename=$mime_filename, \
> content-type=$mime_content_type, recipients=$recipients
> condition = ${if or{\
> {match{$mime_content_type}{(?i)executable}}\
> {match{$mime_filename}{\N(?i)\.(exe|com|vbs|bat|\
>pif|scr|hta|js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|vb)$\N}}\
> }}
>
>deny set acl_m_att = ${if
>match{$mime_filename}{\N(?i)\.(zip|rar)$\N}{$1}}
> condition = ${if def:acl_m_att}
>message = A .$acl_m_att attachment contains a Windows-executable file \
> - blocked because we are afraid of new viruses \
> not recognized [yet] by antiviruses.
> condition = ${if def:sender_host_address}
> !authenticated = *
> decode = default
>log_message = forbidden binary in attachment: filename=$mime_filename,
>\
> recipients=$recipients
> condition = ${if match{${run{${if eqi{$acl_m_att}{zip}\
> {UNZIP -l}{UNRAR l}} $mime_decoded_filename}}}\
> {\N(?i)\n .+\.(zip|rar|exe|com|vbs|bat|pif|scr|vb\
> |js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|hta)\n\N}}
>
> accept
>
>--
>## List details at https://lists.exim.org/mailman/listinfo/exim-users
>## Exim details at http://www.exim.org/
>## Please use the Wiki with this list - http://wiki.exim.org/
--
--
## List details at
https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
