summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorTom Kistner <tom@duncanthrax.net>2005-01-14 16:18:57 +0000
committerTom Kistner <tom@duncanthrax.net>2005-01-14 16:18:57 +0000
commit9cc891cbbae246cb4d90b1f01aa01c70954fafdc (patch)
tree04850995446cd803ea4d6639b019e28eea0c5793 /doc
parentea3a6f446fb82cd96bac57dbe2694b76d3c9bc34 (diff)
Changes to chapter 39 (exiscan)
Diffstat (limited to 'doc')
-rw-r--r--doc/doc-src/spec.src57
1 files changed, 27 insertions, 30 deletions
diff --git a/doc/doc-src/spec.src b/doc/doc-src/spec.src
index b3e151d21..31d0a2d42 100644
--- a/doc/doc-src/spec.src
+++ b/doc/doc-src/spec.src
@@ -1,4 +1,4 @@
-. $Cambridge: exim/doc/doc-src/spec.src,v 1.2 2005/01/11 15:17:51 ph10 Exp $
+. $Cambridge: exim/doc/doc-src/spec.src,v 1.3 2005/01/14 16:18:57 tom Exp $
.
.set version "4.50"
.set previousversion "4.40"
@@ -22841,10 +22841,10 @@ temporarily created in a file called:
.endd
The \(.eml)\ extension is a friendly hint to virus scanners that they can
expect an MBOX-like structure inside that file. The file is created when the
-first exiscan facility is called. Subsequent calls to exiscan conditions open
-the same file again. The directory is recursively removed when the
-\acl@_smtp@_data\ ACL has finished running. When the MIME ACL decodes files,
-they are put into that same directory by default.
+first content scanning facility is called. Subsequent calls to content
+scanning conditions open the same file again. The directory is recursively
+removed when the \acl@_smtp@_data\ ACL has finished running. When the MIME
+ACL decodes files, they are put into that same directory by default.
.section Scanning for viruses
@@ -22886,7 +22886,7 @@ av_scanner = aveserver:/var/run/aveserver
.index virus scanners||clamd
\clamd\: This daemon-type scanner is GPL and free. You can get it at
\?http://www.clamav.net/?\. Clamd does not seem to unpack MIME containers,
-so it is recommended to use the demime facility with it. It takes one option:
+so it is recommended to unpack MIME attachments in the MIME ACL. It takes one option:
either the path and name of a UNIX socket file, or a hostname or IP number, and
a port, separated by space, as in the second of these examples:
.display asis
@@ -22909,7 +22909,7 @@ scanner. If the expression matches, a virus was found. You must make absolutely
sure that this expression matches on `virus found'. This is called the
`trigger' expression.
.nextp
-Another regular expression, containing exactly one pair of braces, to match the
+Another regular expression, containing exactly one pair of parentheses, to match the
name of the virus found in the scanners output. This is called the `name'
expression.
.endp
@@ -22986,8 +22986,18 @@ The default path is \(/var/run/sophie)\, so if you are using this, you can omit
the option.
.endp
-When \av@_scanner\ is correcly set, you can use the \malware\ condition in the
-DATA ACL. The condition takes a right-hand argument that is expanded before
+When \av@_scanner\ is correctly set, you can use the \malware\ condition in the
+DATA ACL.
+
+The \malware\ condition caches its results, so when you use it multiple times
+for the same message, the actual scanning process is only carried out once.
+
+\av@_scanner\ is expanded each time \malware\ is called. This makes
+it possible to use different scanners. See further below for an example.
+However, using expandable items in \av@_scanner\ disables the result caching
+of the \malware\ condition.
+
+The condition takes a right-hand argument that is expanded before
use. It can then be one of
.numberpars $.
`true', `*', or `1', in which case the message is scanned for viruses. The
@@ -23010,9 +23020,6 @@ When a virus is found, the condition sets up an expansion variable called
\message\ modifier that specifies the error returned to the sender, and/or in
logging data.
-The \malware\ condition caches its results, so when you use it multiple times
-for the same message, the actual scanning process is only carried out once.
-
If your virus scanner cannot unpack MIME and TNEF containers itself, you should
use the \demime\ condition (see section ~~SECTdemimecond) before the \malware\
condition.
@@ -23044,9 +23051,6 @@ deny message = This message contains malware ($malware_name)
set acl_m0 = aveserver
malware = *
.endd
-However, when \av@_scanner\ is expanded, the caching of the \malware\
-condition result does not happen, so each \malware\ condition call causes a
-new scan of the message.
.section Scanning with SpamAssassin
@@ -23353,13 +23357,16 @@ All parts contained within an attachment multipart are attachments.
.endp
As an example, the following will ban `HTML mail' (including that sent with
-alternative plain text), while allowing HTML files to be attached:
+alternative plain text), while allowing HTML files to be attached. HTML
+coverletter mail attached to non-HMTL coverletter mail will also be allowed:
.display asis
deny message = HTML mail is not accepted here
+ !condition = $mime_is_rfc822
condition = $mime_is_coverletter
condition = ${if eq{$mime_content_type}{text/html}{1}{0}}
.endd
+
.tempindent 0
\$mime@_is@_multipart$\:
This variable has the value 1 (true) when the current part has the main type
@@ -23431,8 +23438,10 @@ CPU-intensive.
.index MIME content scanning
The \demime\ ACL condition provides MIME unpacking, sanity checking and file
extension blocking. It uses a simpler interface to MIME decoding than the MIME
-ACL functionality, but provides no additional facilities. It is kept in exiscan
-for backward compatibility.
+ACL functionality, but provides no additional facilities. Please note that this
+condition is deprecated and kept only for for backward compatibility. You must
+set the WITH_OLD_DEMIME option in the Makefile at build time to be able to use
+the \demime\ condition.
The \demime\ condition unpacks MIME containers in the message. It detects
errors in MIME containers and can match file extensions found in the message
@@ -23526,18 +23535,6 @@ certain amount through string expansions and the \condition\ condition in the
ACL that runs after the SMTP \\DATA\\ command or the ACL for non-SMTP messages
(see chapter ~~CHAPACL), but this has its limitations.
-.index \exiscan\
-An increasingly popular way of doing additional checking is to make use of the
-Exiscan patch for Exim, which adds ACL conditions that perform body scans of
-various kinds. This is available from
-.if ~~html
-[(A HREF="http://duncanthrax.net/exiscan-acl/")]
-/?http://duncanthrax.net/exiscan-acl/?\.
-[(/A)]
-.else
-\?http:@/@/duncanthrax.net/exiscan-acl/?\.
-.fi
-
To allow for even more general checking that can be customized to a site's own
requirements, there is the possibility of linking Exim with a private message
scanning function, written in C. If you want to run code that is written in