Author: Paul Lenz Date: To: exim-users New-Topics: [exim] an antivirus for zero-day :) Subject: Re: [exim] Exim4 skips SpamAssassin if attachments are too big
Lena wrote:
> Connect with your server using SSH, give the command:
> exim -bP acl_smtp_data
> In your case it must say:
> acl_smtp_data = check_message
This is exactly the case.
> If it says something else then it's the reason why this in your config
> didn't work:
Hmm...?
> An afterthought: better with \b instead of \s
Thanks!
Anyway - is there a way to pass a test message (stored as a file on my
system) to Exim?
> > 2. I would prefer to use my director which simply moves spam detected by
> > SpamAssassin into a waste bin:
>
> Is the "waste bin" a folder you look at once a day or so?
Only from time to time. Messages from really important senders are never
deleted on my system.
I don't expect important messages from unknown senders.
> > I wrote a plugin for Spamassassin which unzips every attachement and
> > (IMHO very important) unzips every MS Office file (xlsx, xlsm, docx) and
> > looks for strings like "rundll32" or "This program cannot be run in DOS
> > mode" and some others.
>
> Good idea (about Office files). Perhaps I can replicate this
> in Exim without SpamAssassin if you send me your code or a link to it.
How can you use my code? It is written im Perl. As I understand you, you
can write only rules for Exim, but you can not write executable code,
can you?