David Snowden wrote:
> Hello,
>
> I am looking at adding the Sanesecurity signatures to ClamAV
> (http://www.sanesecurity.com/clamav/), but I want the detection of such
> signatures to increase the SpamAssassin score rather than for Exim to reject
> the message at the DATA ACL stage (which is what happens for the basic
> ClamAV signatures).
>
> I thought it might be possible to use an "add_header" in the ACL
> prior to the point where SpamAssassin is invoked, but on reading the
> manual it appears that the header does not actually get added until *after*
> the ACL, and this would certainly explain why the rule I added to
> SpamAssassin does not seem to be firing.
>
> So, I'm looking for some advice on other ways of achieving the same effect.
> At one extreme I could reject *all* ClamAV signature matches, but the
> feeling on the uk-mail-managers mailing list is that it is better just to
> tag messages that match the Sanesecurity signatures.
>
> For the record, I'm using Exim 4.66, SpamAssassin 3.1.7a and
> ClamAV 0.90.1.
>
> Thanks,
>
> Dave
>

Header handling has its own set of rules, and differences in ACLs and routers as well.

acl_m(n) is your friend here. Use one or more to store anything from a flag bit to a longish string. Concatenated strings, or numerical values, incremented/decremented, even.

Act on whatever you are carrying about as early as the next acl, or as late as router/transport sets, since acl_m's are stored in the queue with each message.

DO add a header no later than delivery if you might need it for debugging a week later, as the acl_m will be long-gone, but the header will be part of the very message the luser is griping about.

You can also logwrite or log_message the contents of an acl when and where it makes sense w/o destroying it.

HTH

Bill

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
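
One way to apply the acl_m advice to the original question, as an added example that is not part of either message: the DATA ACL stores the Sanesecurity match in acl_m0, adds a score bump to SpamAssassin's result inside Exim, and a router or transport records the match as a header at delivery. Assumptions: Sanesecurity signature names contain the string "Sanesecurity", the bump is 3.0 points, the tagging threshold is 5.0, and the header name X-Sanesecurity-Match is hypothetical.

```exim
# DATA ACL fragment (added example, not from the thread).
# Assumed: signature names contain "Sanesecurity"; bump 30 (3.0 points);
# threshold 50 (5.0 points). Adjust all three to local policy.
acl_check_data:

  # Every other ClamAV match is still rejected at DATA time.
  deny    malware    = *
          !condition = ${if match{$malware_name}{Sanesecurity}}
          message    = This message contains malware ($malware_name)

  # Sanesecurity match: carry the signature name in acl_m0 and log it.
  # The variable is kept with the queued message for later stages.
  warn    malware    = *
          set acl_m0 = $malware_name
          logwrite   = Sanesecurity match: $acl_m0

  # Run SpamAssassin; ":true" lets the condition succeed at any score.
  # $spam_score_int is the score times ten. The bump is added here
  # because SpamAssassin never sees anything set in this ACL.
  warn    spam       = nobody:true
          set acl_m1 = ${eval:$spam_score_int + ${if def:acl_m0{30}{0}}}
          condition  = ${if >{$acl_m1}{50}}
          add_header = X-Spam-Flag: YES

  accept

# Router or transport option: write the stored match into the delivered
# message so it is still there after the queue entry is gone. An empty
# expansion adds no header.
  headers_add = ${if def:acl_m0{X-Sanesecurity-Match: $acl_m0}}
```

Check the result with a test message through `exim -bh` or a staging host before relying on it, since the signature-name pattern decides which matches are rejected and which are only tagged.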
