[TriLUG] Blocking Attachments in Exim/A really wack network admin

[Joshua Gitlin]

First, let me apologize to David, Jon, Tanner, and everyone else -- 
Before I dealt with this situation I contacted my ISP, and they assured 
me that (as Matthew said) what my server is doing is the same as what 
"most" servers are configured to do. This gave me an invalid sense that 
I was in the right, and the tone of my message was harsh. I accept that 
what I'm doing isn't the right solution, but my questions still remain 
unanswered. Jon -- I'd like to "get a clue" and be more responsible. 
That's why I posted in the first place...

It seems that the consensus is that I should just drop messages with 
these potantal virus attachments, instead of bouncing them or rejecting 
them at SMTP time. Currently, my exim's antivirus file looks like this:

if $message_body matches <a variety of rules...>
then
   fail text "This message has been rejected because it has\n\
              a potentially executable attachment $1\n\
              This form of attachment has been used by\n\
              recent viruses or other malware.\n\
              If you meant to send this file then please\n\
              package it up as a zip file and resend it."
   seen finish
endif

What do I use instead of "fail text"? Is the best option really just to 
/dev/null these messages? And if so, what command do I use?

Thanks again for all your help guys.

-Josh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20040412/254d6ac8/attachment.pgp>