dnl
dnl Virus scanning of mail
dnl
dnl #
dnl # Fields of the $acl_m7 variable, used to pass the parameters of the
dnl # antivirus notification to the system filter:
dnl # 1. list of notification recipients
dnl # 2. antivirus name
dnl # 3. virus name
dnl # 4. name of the file in quarantine
dnl # 5. address of the antivirus administrator, to whom users
dnl #    can send requests to retrieve messages from quarantine
dnl # 6. full list of recipients of the infected message
dnl # 7. boundary for the notification
dnl #
dnl # NOTE(review): _AV_NOTIFICATION_PARAMETERS below appends an eighth field,
dnl # the path of antivir_notification.txt, which the list above does not mention.
dnl # NOTE(review): the fields are joined with the | character and several of them
dnl # carry values that do not come from this configuration: recipient addresses
dnl # and the malware name reported by the scanner. Confirm that the system filter
dnl # which splits acl_m7 tolerates a | inside a field.
dnl
dnl This file is an m4 template that emits Exim ACL text. The macros SECTION,
dnl ifelse_strstr, _ARG_, CONFDIR, ENTERPRISE and FEATURE are defined elsewhere.
dnl From its use here ifelse_strstr presumably takes a string, a substring and
dnl then/else text - TODO confirm against its definition.
dnl
dnl RCPT-time fragment. When confAV_NOTIFY contains RCPT and
dnl confAV_NOTIFY_SKIP_RCPT is YES, every recipient that is not matched by the
dnl skip_avir_notify_rcpt lookup is appended to the comma separated list in
dnl acl_m7, which later becomes field 1 of the notification parameters.
ifelse_strstr(SECTION, `ACL_CHECK_RCPT', `dnl
ifdef(`confQUARANTINE_MAILDIR',`',`define(`confQUARANTINE_MAILDIR',`')')
ifelse_strstr(confAV_NOTIFY, `RCPT', `dnl
ifelse(confAV_NOTIFY_SKIP_RCPT, `YES', `dnl
_ARG_   ! recipients    = @@wildlsearch;CONFDIR/skip_avir_notify_rcpt
        set acl_m7      = ${if eq{$acl_m7}{}{<$local_part@$domain>}\
                                {$acl_m7, <$local_part@$domain>}}
')
') dnl ifelse_strstr(confAV_NOTIFY, `RCPT', `')
') dnl ifelse_strstr(SECTION, `ACL_CHECK_RCPT', `')
dnl
dnl Helper ACL that runs the malware condition and records the outcome in
dnl acl_c0. The flag is set to defer before the scan, to clean when the malware
dnl condition does not match, and to infected otherwise. Presumably a scanner
dnl failure stops the accept statement before its set modifier runs, so acl_c0
dnl keeps the value defer - TODO confirm against the Exim version in use.
ifelse(SECTION, `ACLS_ADDITIONAL', `dnl
acl_check_data_av:

  warn    set acl_c0 = defer

  accept  ! malware = *
          set acl_c0 = clean

  warn    set acl_c0 = infected

  accept
') dnl ifelse(SECTION, `ACLS_ADDITIONAL', `')
dnl
dnl DATA-time fragment. Each inclusion handles one configured scanner; _AV_NO is
dnl the scanner index, starting at 0 and incremented on every later inclusion.
ifelse(SECTION, `ACL_CHECK_DATA', `dnl
ifdef(`_AV_NO', `
  define(`_AV_TMP', `eval(_AV_NO + 1)')
  define(`_AV_NO', _AV_TMP)
',`
  define(`_AV_NO', `0')
')
dnl Map the per-scanner settings confANTIVIRUS<n>_* onto short working names.
dnl A setting that is not defined expands to its own name, which is what the
dnl comparisons against confANTIVIRUS<n>_OPT and confANTIVIRUS<n>_ACT below test.
define(`_AV_ACT', `confANTIVIRUS'_AV_NO`_ACT')dnl
define(`_AV_NAME', `confANTIVIRUS'_AV_NO`_NAME')dnl
define(`_AV_SCAN', `confANTIVIRUS'_AV_NO`_SCAN')dnl
define(`_AV_OPT', `confANTIVIRUS'_AV_NO`_OPT')dnl
define(`_AV_NAME_CMD', `confANTIVIRUS'_AV_NO`_NAME_CMD')dnl
define(`_AV_NAME_DEFAULT', `confANTIVIRUS'_AV_NO`_NAME_DEFAULT')dnl
dnl if the defer_next option was specified for the previous daemon
dnl In that case this scanner only acts when the previous one ended in defer:
dnl _AV_DEFER_PREV_ becomes an extra condition on acl_c1, otherwise it is a bare
dnl backslash, which only continues the line in the generated configuration.
ifelse(_AV_DEFER_NEXT_,`YES',`
  define(`_AV_DEFER_PREV_',`condition = ${if eq{$acl_c1}{defer}{yes}{no}}')
',`
  define(`_AV_DEFER_PREV_',`\')
')
dnl Decode the option string of this scanner into YES/NO switches.
dnl Security relevant: with defer_ok or defer_next no soft error is returned when
dnl the scanner fails, so the message continues through the ACL unscanned by this
dnl scanner and only receives the deferred X-AV-Status header.
ifelse_strstr(_AV_OPT,`defer_next',`
  define(`_AV_DEFER_NEXT_', `YES')
',`
  define(`_AV_DEFER_NEXT_', `NO')
')
ifelse_strstr(_AV_OPT,`defer_no_mbox_unspool',`
  define(`_AV_DEFER_NO_MBOX_UNSPOOL_', `YES')
  define(`_AV_DEFER_NO_MBOX_UNSPOOL1', `set acl_m1 = skip_no_mbox_unspool')
  define(`_AV_DEFER_NO_MBOX_UNSPOOL2', `set acl_m1 = check_no_mbox_unspool')
',`
  define(`_AV_DEFER_NO_MBOX_UNSPOOL_', `NO')
  define(`_AV_DEFER_NO_MBOX_UNSPOOL1', `\')
  define(`_AV_DEFER_NO_MBOX_UNSPOOL2', `\')
')
ifelse_strstr(_AV_OPT,`defer_freeze',`
  define(`_AV_DEFER_FREEZE_', `YES')
',`
  define(`_AV_DEFER_FREEZE_', `NO')
')
ifelse_strstr(_AV_OPT,`defer_ok',`
  define(`_AV_DEFER_OK_', `YES')
',`
  define(`_AV_DEFER_OK_', `NO')
')
dnl Reduce _AV_OPT to either /defer_ok or the empty string. It is not referenced
dnl again in this fragment; presumably it is consumed elsewhere.
ifelse(_AV_OPT,`confANTIVIRUS'_AV_NO`_OPT',
  `define(`_AV_OPT',`')',
  `ifelse(_AV_DEFER_OK_,`YES',
    `define(`_AV_OPT',`/defer_ok')',
    `define(`_AV_OPT',`')' )' )
dnl Nothing below is emitted when no action is configured for this scanner.
ifelse(_AV_ACT,`confANTIVIRUS'_AV_NO`_ACT',`',`
ifelse(_AV_NO, `0', `
  # Assign the initial value to the status flag
  warn    set acl_c0 = clean
')
dnl the deprecated value WARN is replaced by DISCARD+QUARANTINE
ifelse(_AV_ACT, `WARN', `define(`_AV_ACT', `DISCARD QUARANTINE')')
dnl if the DROP action is specified, replace it with (extend the action list by) DISCARD
ifelse_strstr(_AV_ACT, `DROP', `define(`_AV_ACT', _AV_ACT` DISCARD')')
dnl if the WARN action is specified, replace it with QUARANTINE
ifelse_strstr(_AV_ACT, `WARN', `define(`_AV_ACT', _AV_ACT` QUARANTINE')')
dnl An empty confQUARANTINE_MAILDIR is treated as not set.
ifelse(len(X`'confQUARANTINE_MAILDIR),`1',`undefine(`confQUARANTINE_MAILDIR')')
dnl Value stored in acl_m7 for the system filter; see the field list at the top.
dnl NOTE(review): when confQUARANTINE_MAILDIR is not set, the malware name
dnl reported by the scanner is used as a directory component of the quarantine
dnl path. Confirm that whatever writes the quarantine file rejects or normalises
dnl names containing path separators.
define(`_AV_NOTIFICATION_PARAMETERS', `ifelse(confAV_NOTIFY_SKIP_RCPT, `YES', `$acl_m7', `$recipients')\
        |_AV_NAME\
        |$malware_name\
ifdef(`confQUARANTINE_MAILDIR', ` |confQUARANTINE_MAILDIR\',
      ` |confQUARANTINE_DIR/_AV_NAME/${malware_name}/${message_id}\')
        |confAV_ADMIN\
        |$recipients\
        |NEXT_PART_${sg{${tod_log}.${message_id}.${qualify_domain}._AV_NAME}{\N\s\N}{.}}_notification\
#       |CONFDIR/antivir_notification.txt
#       |confCONFDIR/antivir_notification.txt
        |${sg{CONFDIR/antivir_notification.txt}{CONFDIR}{confCONFDIR}}
')
dnl Choose the scanner name shown in X-AV-Status: output of the configured
dnl command, else the configured default, else _AV_NAME.
dnl Security relevant: esyscmd passes confANTIVIRUS<n>_NAME_CMD to the shell while
dnl m4 generates the configuration, with the privileges of that m4 run, so the
dnl setting must be writable only by those trusted to build the configuration.
dnl NOTE(review): the esyscmd call is stored quoted, so the command is presumably
dnl run again at every expansion of _AV_NAME_MSG - confirm this is intended.
dnl NOTE(review): _AV_NAME_CMD and _AV_NAME_DEFAULT are always defined a few lines
dnl above, so both ifdef tests look always true; with neither setting configured
dnl the header would seem to show the literal name confANTIVIRUS<n>_NAME_DEFAULT.
dnl The self-name comparison used for _AV_ACT may be what was meant - confirm.
ifdef(`_AV_NAME_CMD', `define(`_AV_NAME_MSG', `esyscmd(_AV_NAME_CMD)')')dnl
ifelse(len(X`'_AV_NAME_MSG), `1', `ifdef(`_AV_NAME_DEFAULT',`define(`_AV_NAME_MSG', _AV_NAME_DEFAULT)')')dnl
ifelse(len(X`'_AV_NAME_MSG), `1', `define(`_AV_NAME_MSG', _AV_NAME)')dnl

  # Scan the message
  warn    set acl_c1 = $acl_c0
          set acl_c0 = clean
          set acl_m0 = _AV_SCAN
          _AV_DEFER_NO_MBOX_UNSPOOL1
          _AV_DEFER_PREV_
          _AV_DEFER_NO_MBOX_UNSPOOL2
          acl = acl_check_data_av

dnl Add the clean status header. When the previous scanner had defer_next, the
dnl header is only added if that scanner deferred and this one actually ran.
  warn    condition = ${if eq{$acl_c0}{clean}{yes}{no}}
ifelse(_AV_DEFER_PREV_,`\',`',`
          condition = ${if eq{$acl_c1}{defer}{yes}{no}}
')
          message = X-AV-Status: _AV_NAME_MSG on $primary_hostname at $tod_log: clean
dnl NOTE(review): the first branch below is also selected for defer_freeze alone,
dnl but its statement requires acl_m1 to equal check_no_mbox_unspool, which this
dnl template only sets when defer_no_mbox_unspool is given. defer_freeze also
dnl suppresses the soft error further down. Unless acl_m1 is set elsewhere, a
dnl scanner failure with defer_freeze alone would neither freeze nor defer the
dnl message, so it would pass unscanned - confirm.
ifelse_strstr(_AV_DEFER_NO_MBOX_UNSPOOL_`'_AV_DEFER_FREEZE_, `YES', `
  # Do not delete the scanned message from /var/spool/exim/scan when the
  # antivirus returns DEFER
  # defer_no_mbox_unspool was specified in the options
  warn    _AV_DEFER_PREV_
          condition = ${if eq{$acl_m1}{check_no_mbox_unspool}{yes}{no}}
          condition = ${if eq{$acl_c0}{defer}{yes}{no}}
ifelse(_AV_DEFER_NO_MBOX_UNSPOOL_, `YES', `
          control = no_mbox_unspool
')
ifelse(_AV_DEFER_FREEZE_, `YES', `
          control = freeze
')
          log_message = _AV_NAME: error while scanning message\
`'ifelse(_AV_DEFER_NO_MBOX_UNSPOOL_, `YES', `, spool files will not be deleted')\
`'ifelse(_AV_DEFER_FREEZE_, `YES', `, message will be freeze')
          message = X-AV-Status: _AV_NAME_MSG on $primary_hostname at $tod_log: deferred\
`'ifelse(_AV_DEFER_NO_MBOX_UNSPOOL_, `YES', `, mbox will not be unspooled')\
`'ifelse(_AV_DEFER_FREEZE_, `YES', `, message will be freeze')
',`
  warn    _AV_DEFER_PREV_
          condition = ${if eq{$acl_c0}{defer}{yes}{no}}
          log_message = _AV_NAME: error while scanning message
          message = X-AV-Status: _AV_NAME_MSG on $primary_hostname at $tod_log: deferred
')
ifelse_strstr(confRATE_LIMIT, `INFECTED', `
ENTERPRISE(`rate-limit', `store_av')
')
ifelse_strstr(_AV_DEFER_OK_`'_AV_DEFER_NEXT_`'_AV_DEFER_FREEZE_,`YES',`',`
  # Return a soft error to the SMTP client when the antivirus returns DEFER
  # neither defer_ok nor defer_next was specified in the options
  defer   _AV_DEFER_PREV_
          condition = ${if eq{$acl_c0}{defer}{yes}{no}}
          message = Antivirus unreachable. Please try again later ($message_id)
          log_message = _AV_NAME: error while scanning message. Message deferred
')
dnl Action on an infected message. $malware_name is taken from the scanner reply
dnl and is copied into log lines, the X-AV-Status header, the SMTP rejection text
dnl and acl_m7. NOTE(review): confirm it cannot carry line breaks into the header.
dnl NOTE(review): X-Original-Recipients and the logwrite line record $recipients,
dnl the full envelope recipient list including any blind copies. Confirm that a
dnl message released from quarantine does not reach recipients with that header.
ifelse_strstr(_AV_ACT, `DISCARD', `
ifelse_strstr(_AV_ACT, `QUARANTINE', `
  # Mark the infected message for placement into quarantine
  # QUARANTINE, DISCARD
  warn    _AV_DEFER_PREV_
          condition = ${if eq{$acl_c0}{infected}{yes}{no}}
          set acl_c0 = quarantine
          log_message = _AV_NAME found a virus: $malware_name
          message = X-AV-Status: _AV_NAME_MSG on $primary_hostname at $tod_log: \
                    infected, malware $malware_name has been found\n\
                    X-Original-Recipients: $recipients
          logwrite = original recipients: $recipients
          set acl_m7 = _AV_NOTIFICATION_PARAMETERS

  accept  condition = ${if eq{$acl_c0}{quarantine}{yes}{no}}
',`
  # Remove the infected message
  # DISCARD
  drop    _AV_DEFER_PREV_
          condition = ${if eq{$acl_c0}{infected}{yes}{no}}
          set acl_c0 = discard
          log_message = _AV_NAME found a virus: $malware_name
') dnl ifelse_strstr(_AV_ACT, `QUARANTINE', `', `')
',`
ifelse_strstr(_AV_ACT, `QUARANTINE', `
  # Fake rejection of the infected message, with the message marked
  # for placement into quarantine
  # QUARANTINE, REJECT
  warn    _AV_DEFER_PREV_
          condition = ${if eq{$acl_c0}{infected}{yes}{no}}
          set acl_c0 = quarantine
          logwrite = original recipients: $recipients
          message = X-AV-Status: _AV_NAME_MSG on $primary_hostname at $tod_log: \
                    infected, malware $malware_name has been found\n\
                    X-Original-Recipients: $recipients
          log_message = _AV_NAME found a virus: $malware_name
          control = fakereject/_AV_NAME found a virus: $malware_name
          set acl_m7 = _AV_NOTIFICATION_PARAMETERS

  accept  condition = ${if eq{$acl_c0}{quarantine}{yes}{no}}
',`
  # Refuse to accept the infected message
  # REJECT
  deny    _AV_DEFER_PREV_
          condition = ${if eq{$acl_c0}{infected}{yes}{no}}
          message = _AV_NAME found a virus: $malware_name
') dnl ifelse_strstr(_AV_ACT, `QUARANTINE', `', `')
') dnl ifelse_strstr(_AV_ACT, `DISCARD', `')
FEATURE(`antivirus')
') dnl ifelse(_AV_ACT,`confANTIVIRUS'_AV_NO`_ACT',`',`')
') dnl ifelse(SECTION, `ACL_CHECK_DATA', `')