Re: [exim] Viruses

nb Mon, 14 Mar 2016 13:47:10 -0700

Thanks Lena.
As usual, your advice is good.
Your code works perfectly.

One thing strange however, there are two "550"  strings included in the message.
How do you explain this ?
Here’s the message generated:


<n...@dagami.org>: host colibri.dagami.org[51.255.40.59] said: 550-A .zip
    attachment contains a Windows-executable file - blocked because we 550 are
    afraid of new viruses not recognized [yet] by antiviruses. (in reply to end
    of DATA command)

Regards

nb


> Le 14 mars 2016 à 16:01, l...@lena.kiev.ua a écrit :
> 
>> From: n...@dagami.org
> 
>> I'm receiving many spams my antivirus doesn't detect.
> 
> UNZIP = /usr/bin/unzip
> UNRAR = /usr/local/bin/unrar
> acl_smtp_mime = acl_check_mime
> begin acl
> acl_check_mime:
>  deny message = Windows-executable attachments forbidden
>       condition = ${if def:sender_host_address}
>       !authenticated = *
>       log_message = forbidden attachment: filename=$mime_filename, \
>                    content-type=$mime_content_type, recipients=$recipients
>       condition = ${if or{\
>                          {match{$mime_content_type}{(?i)executable}}\
>                          {match{$mime_filename}{\N(?i)\.(exe|com|vbs|bat|\
>   pif|scr|hta|js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|vb)$\N}}\
>                         }}
> 
>  deny set acl_m_att = ${if match{$mime_filename}{\N(?i)\.(zip|rar)$\N}{$1}}
>       condition = ${if def:acl_m_att}
>       message = A .$acl_m_att attachment contains a Windows-executable file \
>                 - blocked because we are afraid of new viruses \
>                 not recognized [yet] by antiviruses.
>       condition = ${if def:sender_host_address}
>       !authenticated = *
>       decode = default
>       log_message = forbidden binary in attachment: filename=$mime_filename, \
>                     recipients=$recipients
>       condition = ${if match{${run{${if eqi{$acl_m_att}{zip}\
>                                {UNZIP -l}{UNRAR l}} $mime_decoded_filename}}}\
>                             {\N(?i)\n .+\.(zip|rar|exe|com|vbs|bat|pif|scr|vb\
>           |js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|hta)\n\N}}
> 
>  accept
> 
> -- 
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

smime.p7s
Description: S/MIME cryptographic signature

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Viruses

Reply via email to