
Re: MS mail bombs



* Steve Lamb (grey@dmiyu.org) [030920 20:41]:
>     My only wish is that I knew exiscan-acl well enough to figure out if I
> could have a custom script run upon a positive hit.  In doing so have the
> infected IP automatically added to Shorewall's blacklist.  It would also

Don't deny the initial mail straightaway.  Deliver the message to a
special router.  This doesn't really cost extra, since you
already received the message in order to scan it.  Either way, you've
received it; at this point the only difference is a 5xx or 2xx code to
the peer.  You could use the 'warn' verb in your acl to add a special
header marking the message as malware, then use this header to route
the message to your script instead of to its usual destination.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
One nation, indivisible, with equality, liberty, and justice for all.

Attachment: pgprmCGODWWC2.pgp
Description: PGP signature
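
The approach described in the message above, sketched as an Exim 4 configuration fragment. This is an added example, not part of the original post; the header name, router and transport names, the `mail` user and the script path are hypothetical, and the script itself (which would update the Shorewall blacklist) is not shown.

```conf
# --- ACL section: the ACL named by acl_smtp_data (called acl_check_data here) ---
acl_check_data:
  # Tag the message instead of denying it. With exiscan-acl, "message"
  # on a warn verb adds a header line when the condition matches.
  # Use a header name outsiders cannot guess (placeholder below):
  # a forged copy on mail relayed by an innocent host would otherwise
  # get that host blacklisted.
  warn  message = X-Malware-SITESECRET: $malware_name
        malware = *

  accept

# --- routers section: must come before the normal delivery routers ---
malware_trap:
  driver = accept
  # Only act on tagged messages that arrived over SMTP, so that
  # $sender_host_address is set when the transport runs.
  condition = ${if and{ {def:h_X-Malware-SITESECRET:} \
                        {def:sender_host_address} } {yes}{no}}
  transport = malware_blacklist
  # Do not use this router for address verification.
  no_verify

# --- transports section ---
malware_blacklist:
  driver = pipe
  # Hypothetical script: receives the peer IP as its argument and the
  # message on stdin. It should read and discard stdin, validate the
  # argument as an IP address, and be idempotent, because it runs once
  # per recipient of the tagged message.
  command = /usr/local/sbin/blacklist-malware-host $sender_host_address
  user = mail
  return_output = false
```

Because the tagged message is accepted by `malware_trap`, it is handed to the script and never reaches the recipient's mailbox. The account running the script needs just enough privilege to add a blacklist entry, for example through a narrowly scoped sudo rule.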

