[SA-exim] Re: feedback: SpamAssassin at SMTP time in local_scan

[Marc MERLIN]

On Wed, May 08, 2002 at 12:03:50PM -0700, Marc MERLIN wrote:
> > I'm planning on adjusting the logic a bit at some point.  My idea is
> > to read the first line of output from the program to determine whether
> > it passes or fails and to extract the error message from that.  The
> > rest of the output would be RFC2822 headers to update in the message.
> > Obviously 'spamc' would not work as the program in this scenario.  My
> > reasoning is to generalize it a bit to facilitate writing my own
> > scanner that, in addition to delegating to spamc, would check for klez
> > and similar junk for immediate rejection.  This program, at a minimum,
> > would frontend spamc and adapt spamc's output to fit the format (and
> > include the logic to determine pass/fail and build the error message).
>  
> Yeah, I've also given some thought into moving my system_filter rejects at
> SMTP time.
> That said, each of them can be done with a condition statement in the RCPT
> or DATA ACL, so they may be better off there.

Actually, I was wrong, most of the scans are done on the message body.
I don't want to  rewrite eximscan inside my code, that  said, I don't really
care to  do actual virus  checking either,  I'm content doing  simple string
matches like what we have in system_filter right now.

I'll make another version tonight with  your mail save idea, and think about
what  I can  reasonably add  to  do simple  matching on  the body  (anything
matching in the headers can be done with "condition" in the exim ACLs)

Marc
-- 
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
  
Home page: http://marc.merlins.org/   |   Finger marc_f@merlins.org for PGP key