Hi Nb, Lena,

@Lena, I've implemented the code on a CentOS 6 server running Exim version 4.80.1 #29 built 10-Oct-2013 02:16:32

This works well for zip files but it seems to be ignoring rar files. I've checked and double-checked that both unzip and unrar are at the locations that exim expects them to be at and that both unzip and unrar do actually work.

Do you have any thoughts on how I can check what's going on?

Thank you,

John McMurray


On 14/03/2016 22:43, nb wrote:
Thanks Lena.
As usual, your advice is good.
Your code works perfectly.

One strange thing, however: there are two "550" strings included in the message.
How do you explain this?
Here’s the message generated:

<[email protected]>: host colibri.dagami.org[51.255.40.59] said: 550-A .zip
     attachment contains a Windows-executable file - blocked because we 550 are
     afraid of new viruses not recognized [yet] by antiviruses. (in reply to end
     of DATA command)

Regards

nb


On 14 March 2016 at 16:01, [email protected] wrote:

From: [email protected]
I'm receiving many spams my antivirus doesn't detect.
UNZIP = /usr/bin/unzip
UNRAR = /usr/local/bin/unrar
acl_smtp_mime = acl_check_mime
begin acl
acl_check_mime:
  deny message = Windows-executable attachments forbidden
       condition = ${if def:sender_host_address}
       !authenticated = *
       log_message = forbidden attachment: filename=$mime_filename, \
                     content-type=$mime_content_type, recipients=$recipients
       condition = ${if or{\
                           {match{$mime_content_type}{(?i)executable}}\
                           {match{$mime_filename}{\N(?i)\.(exe|com|vbs|bat|\
   pif|scr|hta|js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|vb)$\N}}\
                          }}

  deny set acl_m_att = ${if match{$mime_filename}{\N(?i)\.(zip|rar)$\N}{$1}}
       condition = ${if def:acl_m_att}
       message = A .$acl_m_att attachment contains a Windows-executable file \
                 - blocked because we are afraid of new viruses \
                 not recognized [yet] by antiviruses.
       condition = ${if def:sender_host_address}
       !authenticated = *
       decode = default
       log_message = forbidden binary in attachment: filename=$mime_filename, \
                     recipients=$recipients
       condition = ${if match{${run{${if eqi{$acl_m_att}{zip}\
                                {UNZIP -l}{UNRAR l}} $mime_decoded_filename}}}\
                             {\N(?i)\n .+\.(zip|rar|exe|com|vbs|bat|pif|scr|vb\
           |js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|hta)\n\N}}

  accept

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
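
Added example, not part of the original thread or of Lena's configuration: a Python check that applies the same pattern as the ACL's last condition to a lister's standard output and reports lines that name a listed extension but cannot match it. Both sample listings are constructed; the second uses a hypothetical column layout and is not claimed to be the output of any particular unrar version.

```python
import re

# Extension alternation copied from the last condition of the ACL in the thread.
EXTS = ("zip|rar|exe|com|vbs|bat|pif|scr|vb|js|cmd|chm|cpl|jsp|reg|vbe|lnk|"
        "dll|sys|btm|dat|msi|prf|hta")
# Same shape as the ACL regex: newline, space, any text, ".ext", newline.
ACL_RE = re.compile(r"(?i)\n .+\.(" + EXTS + r")\n")
# Per-line form of the same requirement, used to explain a miss.
LINE_RE = re.compile(r"(?i)^ .+\.(" + EXTS + r")$")
# Looser probe (an assumption of this example): a listed extension anywhere
# in the line, followed by whitespace or end of line.
LOOSE_RE = re.compile(r"(?i)\.(" + EXTS + r")(?=\s|$)")

def acl_would_block(listing):
    """True if the ACL's pattern matches the lister's standard output."""
    return ACL_RE.search(listing) is not None

def diagnose(listing):
    """Return (line, reason) for lines that name a listed extension but
    that the ACL pattern cannot match."""
    missed = []
    lines = listing.split("\n")
    for i, line in enumerate(lines):
        if not LOOSE_RE.search(line):
            continue
        if not line.startswith(" "):
            reason = "no leading space"
        elif not LINE_RE.search(line):
            reason = "line does not end with name.ext"
        elif i == 0 or i == len(lines) - 1:
            reason = "no newline before or after the line"
        else:
            continue  # this line satisfies the ACL pattern
        missed.append((line, reason))
    return missed

# Constructed sample in the layout printed by `unzip -l`.
ZIP_LISTING = ("Archive:  sample.zip\n"
               "  Length      Date    Time    Name\n"
               "---------  ---------- -----   ----\n"
               "    73728  2016-03-14 15:58   invoice.exe\n"
               "---------                     -------\n"
               "    73728                     1 file\n")
# Constructed sample in a hypothetical layout with the name in the first column.
OTHER_LISTING = ("Name             Size  Date\n"
                 "invoice.exe      73728  2016-03-14\n"
                 " notes.js          120  2016-03-14\n")

if __name__ == "__main__":
    for sample in (ZIP_LISTING, OTHER_LISTING):
        print(acl_would_block(sample), diagnose(sample))
```

To test a real archive, pass the captured standard output of the lister command the ACL runs to `acl_would_block` and `diagnose` in place of the constructed samples.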



