On 6 Jul 2005 at 15:11, Herb Martin wrote about
    "RE: [exim] Let's talk Scanning,  De":

| > -----Original Message-----
| > From: [EMAIL PROTECTED] 
| > [mailto:[EMAIL PROTECTED] On Behalf Of Fred Viles
| > Sent: Wednesday, July 06, 2005 2:34 PM
| > To: [email protected]

Thanks. (I see why you're reluctant to include attributions if this 
is the only way LookOut can do it.)

| > FYI, here's the exiscan portion of my DATA ACL:
| > 
| >   # Quarantine messages with MIME packaging errors
| >   warn      message         = X-quarantine: Serious MIME defect detected ($demime_reason). folder=badmime
| >        demime               = *
| >        condition    = ${if or { \
| >                                 {>{$demime_errorlevel}{1}} \

If demime_errorlevel is 2 or greater, or

| >                                 {and { \
| >                                        {>{$demime_errorlevel}{0}} \
| >                                        {match {$demime_reason}{exceeds 76}} \

If demime_reason is "base64 line length exceeds 76 characters".  This 
is a level 1 error that I want to include, but not other level 1

| >                                      } \
| >                                 } \
| >                               }{yes}{no}}
| 
| What's special about 76+?  Or more importantly perhaps,
| where are these documented?

I found the complete list of detected errors, and their associated 
error levels, in the source.

| >   # Quarantine messages with encrypted archives
| >   warn  message     = X-quarantine: Encrypted archive attached. folder=exe
| >         demime      = *
| >         malware             = Encrypted\..*
| >   accept
| >         demime      = *
| >         malware     = Encrypted\..*
| 
| This looks useful.

It's useful here because we do send and receive legitimate encrypted 
ZIPs on occasion.  But lotsa virii send themselves around in 
encrypted archives, so I didn't want to disable that test in Clam.  

| >   # Reject virus infested messages
| >   deny  message     = This message contains malware ($malware_name)
| >         demime      = *
| >         malware     = *
| > 
| > Adding an X-quarantine: header causes a redirect router to 
| > route the message to the specified maildir folder for admin review.
| 
| I don't think that I understand redirect routers --

Redirect routers just replace the recipient address, after which the 
new address gets re-routed.  The most common example of a redirect 
router is the system aliases router.

In this case my quarantine router checks for the presence of the 
X-quarantine: header and, if present, extracts the folder name in 
expanding data=.

| my method of accomplishing this is to pick the directory
| and file name based on such headers in my transport
| section

That's another way to skin the cat.

|...

- Fred





-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
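
A sketch of the kind of quarantine redirect router described in the message above, as an added example that is not Fred's configuration and not part of the original thread. The router and transport names, the quarantine- prefix, the "unsorted" fallback folder, the spool path and the delivery user are all assumptions, and the syntax targets the Exim 4 releases of the thread's era.

```exim
# --- routers section (place before the normal local routers) ---

# Fires only when the DATA ACL added an X-quarantine: header.
quarantine:
  driver = redirect
  condition = ${if def:h_X-quarantine: {yes}{no}}
  # Extract "folder=<name>" from the header. The character class keeps
  # "/" and "." out of the folder name, so the header text cannot steer
  # delivery outside the quarantine tree.
  data = ${if match{$h_X-quarantine:}{\Nfolder=([a-z0-9]+)\N}\
             {quarantine-$1@$qualify_domain}\
             {quarantine-unsorted@$qualify_domain}}
  # Start routing the new address at the delivery router below, so it
  # is not matched by this router a second time.
  redirect_router = quarantine_deliver

# Accepts only the known folder names (assumed list) and hands the
# message to the maildir transport. The prefix is stripped, so
# $local_part is just the folder name.
quarantine_deliver:
  driver = accept
  local_part_prefix = quarantine-
  local_parts = badmime : exe : unsorted
  transport = quarantine_maildir

# --- transports section ---

quarantine_maildir:
  driver = appendfile
  # Assumed spool location. Exim 4.94 and later refuse tainted values
  # such as $local_part in file paths; there, use the de-tainted
  # $local_part_data set by the local_parts match above instead.
  directory = /var/spool/quarantine/$local_part
  maildir_format
  user = mail
  delivery_date_add
  envelope_to_add
```

Because the router trusts any X-quarantine: header it sees, the DATA ACL should be the only place that header can come from; stripping an incoming copy of it is left to the site's configuration.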
