Hi folks,

My google-fu has failed me, so hopefully someone here can help me out. I'm using ClamAV for my content scanning and have a fairly simple config for it in exim.

    acl_check_content:
      <snip>
      deny message     = This message contains unwanted content ($malware_name)
           malware     = BC\.Heuristic.*
      <snip>
           malware     = BC\.Heuristic\.Trojan.*
      warn log_message = This message contains suspicious content ($malware_name)
           message     = X-Phishing: $malware_name
           malware     = *
      <snip>

A router then quarantines anything with the X-Phishing header. But I need one specific ClamAV test (Heuristics.Phishing.Email.SpoofedDomain) to add a different header and then allow the rest of the checks to run as normal.

Logically, if I can add a "!malware = Heuristics.Phishing.Email.SpoofedDomain" then I could do something like:

    acl_check_content:
      warn log_message = This message contains suspicious content ($malware_name)
           malware     = Heuristics.Phishing.Email.SpoofedDomain
           domains     = sub1.example.com : sub2.example.com
           message     = X-SpoofedDomain: yes
      warn log_message = This message contains suspicious content ($malware_name)
           !malware    = Heuristics.Phishing.Email.SpoofedDomain
           domains     = sub1.example.com : sub2.example.com
           message     = X-Phishing: $malware_name
           malware     = *

      warn log_message = This message contains unwanted content ($malware_name)
           domains     = !sub1.example.com : !sub2.example.com
           message     = X-Phishing: $malware_name
           malware     = *

Does anyone know whether the negation of a specific test should work? All the examples I've found so far only use specifying a behaviour for a signature/test. Or if you know a better way of doing this, that'd be great!

I'm running Exim 4.84 on CentOS 6.5.

Thanks
Guy

--
Don't just do something...sit there!

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
