[SA-exim] Re: [Exim] Rejecting attachments by type

Marc MERLIN marc_news at vasoftware.com
Tue, 25 Jun 2002 18:55:07 -0700


[Note the list Cc, please trim if appropriate]

On Wed, Jun 19, 2002 at 10:12:33AM -0400, Greg Ward wrote:
> I'm also using a filter distantly derived from the filter on the Exim
> site; FWIW, I'm about ready to throw in the towel and switch to a real
> virus detector.  I'm tired of having to change the thing for every new
> virus or variant that comes along.  (Although I suspect I'll get equally
> tired of upgrading 3rd-party virus detector software too... sigh.)

I'm  still  interested   in  a  solution  that   revolves  around  rejecting
potentially executable attachments by mime  type and by extension, just like
Nigel's system_filter solution, but with something that actually parses mime
headers for real and doesn't rely on an ever growing regular expression)

I'm currently considering adding to some  work in SpamAssassin to add custom
headers if an executable attachment is found, and have exim read that header
and reject the mail (SA already does mime  parsing, so I might as well do it
at the same time).
I think I will  need to patch exim to allow for local_scan  to be run before
the DATA ACL (so that I can set  a header in local_scan, and then reject the
Email by just writing DATA ACL conditions).
(I guess I  could also add more  conditions in SA-Exim and  if the condition
matches, SA-Exim rejects  the mail with a custom error  message, even if the
message in itself isn't spam, but that's probably more complex)

Ideas and comments welcome.

Marc
-- 
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
  
Home page: http://marc.merlins.org/   |   Finger marc_f@merlins.org for PGP key