Re: [exim] Viruses

Page principale
Supprimer ce message
Répondre à ce message
Auteur: John McMurray
Date:  
À: nb, Exim
Sujet: Re: [exim] Viruses
Hi Nb, Lena,

@Lena, I've implemented the code on a Centos 6 server running Exim
version 4.80.1 #29 built 10-Oct-2013 02:16:32

This works well for zip files but it seems to be ignoring rar files.
I've check and double checked that both unzip and unrar are at the
locations that exim expects them to be at and that both unzip and unrar
do actually work.

Do you have any thoughts on how I can check what's going on?

Thank you,

John McMurray


On 14/03/2016 22:43, nb wrote:
> Thanks Lena.
> As usual, your advice is good.
> Your code works perfectly.
>
> One thing strange however, there are two "550" strings included in the message.
> How do you explain this ?
> Here’s the message generated:
>
> <nb@???>: host colibri.dagami.org[51.255.40.59] said: 550-A .zip
>      attachment contains a Windows-executable file - blocked because we 550 are
>      afraid of new viruses not recognized [yet] by antiviruses. (in reply to end
>      of DATA command)

>
> Regards
>
> nb
>
>
>> Le 14 mars 2016 à 16:01, Lena@??? a écrit :
>>
>>> From: nb@???
>>> I'm receiving many spams my antivirus doesn't detect.
>> UNZIP = /usr/bin/unzip
>> UNRAR = /usr/local/bin/unrar
>> acl_smtp_mime = acl_check_mime
>> begin acl
>> acl_check_mime:
>>   deny message = Windows-executable attachments forbidden
>>        condition = ${if def:sender_host_address}
>>        !authenticated = *
>>        log_message = forbidden attachment: filename=$mime_filename, \
>>              content-type=$mime_content_type, recipients=$recipients
>>        condition = ${if or{\
>>                {match{$mime_content_type}{(?i)executable}}\
>>                {match{$mime_filename}{\N(?i)\.(exe|com|vbs|bat|\
>>    pif|scr|hta|js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|vb)$\N}}\
>>               }}

>>
>>   deny set acl_m_att = ${if match{$mime_filename}{\N(?i)\.(zip|rar)$\N}{$1}}
>>        condition = ${if def:acl_m_att}
>>        message = A .$acl_m_att attachment contains a Windows-executable file \
>>                  - blocked because we are afraid of new viruses \
>>                  not recognized [yet] by antiviruses.
>>        condition = ${if def:sender_host_address}
>>        !authenticated = *
>>        decode = default
>>        log_message = forbidden binary in attachment: filename=$mime_filename, \
>>                      recipients=$recipients
>>        condition = ${if match{${run{${if eqi{$acl_m_att}{zip}\
>>                                 {UNZIP -l}{UNRAR l}} $mime_decoded_filename}}}\
>>                              {\N(?i)\n .+\.(zip|rar|exe|com|vbs|bat|pif|scr|vb\
>>            |js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|hta)\n\N}}

>>
>> accept
>>
>> --
>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>