There is still a shade of uncertainty, though. (I could look at the code to clear it up, and I'll accept a suggestion to do just that, but first I'll try my luck here.)
The text of the spec says: Additional ACL conditions and modifiers: decode, malware, mime_regex, regex, and spam. These can be used in the ACL that is run at the end of message reception (the acl_smtp_data ACL). ... <spool_directory>/scan/<message_id>/<message_id>.eml The .eml extension is a friendly hint to virus scanners that they can expect an MBOX-like structure inside that file. The file is created when the first content scanning facility is called. Subsequent calls to content scanning conditions open the same file again. The directory is recursively removed when the acl_smtp_data ACL has finished running But what counts as "content scanning facility"? Does the mere presence of "decode = default" condition in the data ACL suffice to create this directory and file? -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
