Bill, I have a hack that I'm currently trying in order to use dspam from DATA.
As per http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch40.html there is a file that contains the whole message after the first call to malware until the end of acl_smtp_data. I'll note that the biggest issue is that this only allows for a 'global' dspam setup since acl_smtp_data is only run once for all recipients (although 90% of our mail goes to just one user, so it would be possible to pass that along). So I have: ### deny malware = * message = This message contains a virus ($malware_name). # After the first 'malware' call there is a file at # <spool_directory>/scan/<message_id>/<message_id>.eml # that contains the whole message, so we can use that to have dspam inline # Call dspam via ${run} now that we have a message we can process # Note that we cannot have by-user checks here since this is for everyone warn condition = ${if and { \ {<={$message_size}{128k}} \ { !eq{$acl_m14}{} } \ } {1}{0}} set acl_m15 = ${run {/usr/local/bin/exim_dspam $spool_directory/scan/$message_exim_id/$message_exim_id.eml} {$value}{}} add_header = X-FILTER-DSPAM: by $primary_hostname on $tod_full warn condition = ${if !eq{$acl_m15}{}} add_header = X-DSPAM-Result: ${extract {result}{$acl_m15}} add_header = X-DSPAM-Confidence: ${extract {confidence}{$acl_m15}} add_header = X-DSPAM-Probability: ${extract {probability}{$acl_m15}} add_header = X-DSPAM-Signature: ${extract {signature}{$acl_m15}} ### and /usr/local/bin/exim_dspam is: #!/bin/sh DS_MODE=notrain DS_USER=dspamusr cat $1 | \ dspam --mode=$DS_MODE \ --user $DS_USER \ --deliver=summary \ --stdout | \ sed -e 's/^[^;]*; //; s/[";]//g;' ### end of exim_dspam Any improvements/suggestions would be more than welcome. David [EMAIL PROTECTED] -- On 10/26/06, W B Hacker <[EMAIL PROTECTED]> wrote: > David Saez Padros wrote: > > > Hi !! > > > > Is there any way to use ${run} to pipe the current message > > (including headers) to an external aplication and get the > > output ?? > > > > A 'spamd' or 'malware' call essentially does something similar to utilize > SpamAssasin and ClamAV (or other AV scanner), and I have long wondered how > difficult it would be to 'declare' sockets or IP for more such calls. > > Anyone presently doing this? > > Ex: Anyone invokong a 'Dspam' run from a DATA acl instead of awaiting the > routers? > > Bill > > > -- > ## List details at http://www.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://www.exim.org/eximwiki/ > -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
