[SA-exim] Re: [Exim] Rejecting attachments by type
Marc MERLIN
marc_news at vasoftware.com
Tue, 25 Jun 2002 18:55:07 -0700
[Note the list Cc, please trim if appropriate]

On Wed, Jun 19, 2002 at 10:12:33AM -0400, Greg Ward wrote:
> I'm also using a filter distantly derived from the filter on the Exim
> site; FWIW, I'm about ready to throw in the towel and switch to a real
> virus detector. I'm tired of having to change the thing for every new
> virus or variant that comes along. (Although I suspect I'll get equally
> tired of upgrading 3rd-party virus detector software too... sigh.)

I'm still interested in a solution that revolves around rejecting
potentially executable attachments by MIME type and by extension, just like
Nigel's system_filter solution, but with something that actually parses MIME
headers for real and doesn't rely on an ever-growing regular expression.

I'm currently considering adding to some work in SpamAssassin to add custom
headers if an executable attachment is found, and have Exim read that header
and reject the mail (SA already does MIME parsing, so I might as well do it
at the same time).

I think I will need to patch Exim to allow for local_scan to be run before
the DATA ACL (so that I can set a header in local_scan, and then reject the
email by just writing DATA ACL conditions).

(I guess I could also add more conditions in SA-Exim and if the condition
matches, SA-Exim rejects the mail with a custom error message, even if the
message in itself isn't spam, but that's probably more complex.)

Ideas and comments welcome.

Marc
--
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key
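
The approach described in the message above (parse the MIME structure, check each part's declared type and filename extension, and mark the message with a header that the MTA can act on), as an added example that is not part of the original post and is not SpamAssassin or SA-Exim code. The header name, the blocked extension and type lists, and the sample message builder are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy for this example; the post does not list extensions or types.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs"}
BLOCKED_TYPES = {"application/x-msdownload", "application/x-msdos-program"}
FLAG_HEADER = "X-Executable-Attachment"  # hypothetical header name


def find_executable_parts(msg):
    """Return (filename, content_type, reason) for each matching leaf part."""
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        # get_filename() decodes RFC 2231 names and falls back from the
        # Content-Disposition "filename" to the Content-Type "name" parameter.
        name = (part.get_filename() or "").strip().rstrip(". ")
        ext = os.path.splitext(name)[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            hits.append((name, ctype, "extension"))
        elif ctype in BLOCKED_TYPES:
            hits.append((name, ctype, "mime-type"))
    return hits


def tag_message(raw):
    """Parse raw bytes and set FLAG_HEADER only when a part matched."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = find_executable_parts(msg)
    del msg[FLAG_HEADER]  # drop any copy the sender supplied
    if hits:
        # Fixed value: filenames are sender-controlled, keep them out of headers.
        msg[FLAG_HEADER] = "Yes"
    return msg, hits


def build_sample(filename, subtype="octet-stream"):
    """Constructed test message with one attachment (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "test"
    m.set_content("see attached")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype=subtype, filename=filename)
    return m.as_bytes()
```

Because the check runs on the parsed filename and declared type of each part, a double extension such as `invoice.pdf.exe` is caught by its last component, and a header of the same name already present on the incoming message is discarded before the decision is written.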