
antivirus.exim file syntax

Discussion in 'General Discussion' started by noimad1, Jan 22, 2004.

  1. noimad1

    Does anyone have a writeup anywhere for the correct syntax and options for setting up some filtering in the antivirus.exim file?

    For example, I would like to block a specific section of text, i.e. if the text was http://weere.thisdomain.com/23434dfsaf

    and I only wanted to block any messages that contain the thisdomain.com, how would I do that? I tried:

    if message_body: contains thisdomain.com but that did not seem to catch the e-mail.

    The problem is I want to block some spam messages that contain the spammer's URL in the message itself...but the URL may be different subdomains and such each time...

    sorry if that doesn't make much sense...it's late and my mind is working slow...
     
  2. Annette

    We use a couple of that nature to get rid of Gibe.B and other trojans/viruses. The example for Gibe.B is as follows:

    if $message_body contains "Run attached file. Choose Yes on displayed dialog box."
    then
    deliver deleteme@server.domain.tld
    seen finish
    endif

    The "deleteme" mailbox is simply a forward to :blackhole: as we don't bother bouncing those since the address on the inbound mail is often not the actual origination point and it creates needless traffic.
     
  3. noimad1

    Gotcha, but what if the e-mail was all run together with no spaces like this "runattachedfile8578" and you wanted to only search for "runattachedfile" because the 8578 is different each time.

    would this work?

    if message_body: contains "runattachedfield"
    then
    seen finish
    endif

    should that catch the e-mail, or do you have to search for complete words?
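
The substring and subdomain cases asked about in this thread, written as Exim filter rules. This is an added example, not code from any poster; it reuses the thread's placeholder strings and mailbox, and the regular expression is an assumption about which URLs should count as a match.

```exim
# Exim filter
# Added example (not from the thread). "runattachedfile", "thisdomain.com" and
# deleteme@server.domain.tld are the placeholders used in the posts above.

# Case 1: fixed text followed by a changing suffix.
# "contains" is a case-independent substring test, so it matches
# "runattachedfile8578" as well as the bare word; whole words are not required.
# The variable is written $message_body: leading "$", no trailing colon
# (the colon form belongs to header references such as $h_subject:).
if $message_body contains "runattachedfile"
then
  deliver deleteme@server.domain.tld
  seen finish
endif

# Case 2: a URL on the domain or on any subdomain of it.
# "matches" takes a regular expression. Wrapping it in \N ... \N stops the
# string expander from interpreting the backslashes, so the pattern can be
# written as plain PCRE. \b keeps "thisdomain.community" from matching.
if $message_body matches \Nhttps?://([a-z0-9-]+\.)*thisdomain\.com\b\N
then
  deliver deleteme@server.domain.tld
  seen finish
endif

# Caveat: $message_body holds only the start of the body. Its length is set by
# the main configuration option message_body_visible (default 500 characters),
# so a URL further down the message is not seen by either test unless that
# option is raised.
```

A filter file can be checked against a saved message without delivering anything by running `exim -bF` with the filter file as its argument and the message on standard input.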
     