On 2017-02-06 at 17:01 +0100, kamil kapturkiewicz wrote:
> acl_check_data:
>
> ## deny message = $found_extension files are not accepted here
> ## demime = com:exe:vbs:bat:pif:reg:scr
>
> ## deny message = Serious MIME defect detected ($demime_reason).
> ## demime = *
> ## condition = ${if >{$demime_errorlevel}{2}{1}{0}}
>
> deny message = This message contains a virus ($malware_name) and is rejected.
> log_message = rejected VIRUS ($malware_name) from $sender_address to $recipients (ClamAV)
> set acl_m0 = clamd:/tmp/clamd.socket
> condition = ${if < {$message_size}{VIRUS_FILESIZE_LIMIT}}
> ## demime = *
> malware = *
>
> How can I bring back this functionality?
For ClamAV, my recollection is that it unpacks email itself, so all
you've done is had it scan the contents twice, both unexpanded and
expanded. My recollection could be off.
For the extensions, something like this (untested):
# main section:
acl_smtp_mime = acl_check_mime
#...
begin acl
acl_check_mime:
deny message = ${extract{-1}{.}{$mime_filename}} files are not accepted here
condition = ${if inlisti{${extract{-1}{.}{$mime_filename}}}{com:exe:vbs:bat:pif:reg:scr}}
accept
Without a filename, $mime_filename will be empty, the extract result
will be empty and so won't match unless the list of extensions includes
the empty list element.
(Skipping rest of questions already answered)
-Phil
