
Re: Exim4 + ClamAV + Some Virii get through



On Wed, Aug 04, 2004 at 09:43:41PM +0930, David Purton wrote:
> On Tue, Aug 03, 2004 at 12:04:07PM -0700, Paul Johnson wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > David Purton <dcpurton@chariot.net.au> writes:
> > 
> > > I have a question about virus scanning at smtp time. Sadly I still
> > > find Exim4 acl stuff a bit of a black art :(
> > >
> > > Sometimes a virus that clamav *does* already know about gets through.
> > 
> > That's usually a new virus.
> 
> Not in this case - clamav does know about it - it never gets to clamav.
> This is confirmed in the clamav logs
> > 
> > > deny message = This message contains malformed MIME ($demime_reason)
> > >   demime = *
> > >   condition = ${if >{$demime_errorlevel}{2}{1}{0}}
> > >
> > >
> > > If I understand this correctly, then it will deny any message with
> > > broken mime encoding.
> > >
> > > 1. Will this help in my above situation?
> > 
> > Possibly.  Try it and see?  Let us know what it does for you.
> > 
> 

hmmm - ok, for those who are interested, this blocks it:

deny message = This message contains malformed MIME ($demime_reason)
  demime = *
  condition = ${if >{$demime_errorlevel}{1}{1}{0}}


Changing the {2} to {1} means that it will bounce messages that have one
mime error as opposed to two mime errors. It would seem that this MyDoom
variant only triggers one error.

I'll have to consider whether this is worthwhile or not, since I gather
some MS mailers might do this by design...

cheers

dc

-- 
David Purton
dcpurton@chariot.net.au
 
For the eyes of the LORD range throughout the earth to
strengthen those whose hearts are fully committed to him.
                                 2 Chronicles 16:9a
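
Added example, not part of the original post: one way to measure the false-positive concern raised above before lowering the threshold. It keeps the original deny at `>{2}`, logs the messages whose `$demime_errorlevel` is exactly 2 (the ones the `{1}` change would newly reject), and then runs the ClamAV scan. The ACL name `acl_check_data` and the log wording are assumptions, as is an Exim build with `demime` and `malware` support and a scanner already configured.

```exim
# Assumed main-section setting: acl_smtp_data = acl_check_data
acl_check_data:

  # Log only: messages at error level 2 are accepted for now,
  # but each one leaves a log line that can be reviewed later.
  warn  demime      = *
        condition   = ${if ={$demime_errorlevel}{2}{1}{0}}
        log_message = demime level 2, would be rejected at >1: $demime_reason

  # Unchanged threshold from the original rule: reject above level 2.
  deny  message     = This message contains malformed MIME ($demime_reason)
        demime      = *
        condition   = ${if >{$demime_errorlevel}{2}{1}{0}}

  # Virus scan of whatever passed the MIME checks.
  deny  message     = This message contains a virus ($malware_name)
        malware     = *

  accept
```

After a review period, the senders in the logged lines show whether legitimate mailers would be affected; if not, the `warn` block can be dropped and the deny condition changed to `>{$demime_errorlevel}{1}`.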
