Changes to chapter 39 (exiscan)

diff --git a/doc/doc-src/spec.src b/doc/doc-src/spec.src
index b3e151d214c04937635e3cf2814b33458233762c..31d0a2d42198fe5b1f407419e53aac65ec75e36b 100644 (file)
--- a/doc/doc-src/spec.src
+++ b/doc/doc-src/spec.src
@@ -1,4 +1,4 @@
-. $Cambridge: exim/doc/doc-src/spec.src,v 1.2 2005/01/11 15:17:51 ph10 Exp $
+. $Cambridge: exim/doc/doc-src/spec.src,v 1.3 2005/01/14 16:18:57 tom Exp $

 .
 .set version "4.50"
 .set previousversion "4.40"
 .
 .set version "4.50"
 .set previousversion "4.40"


@@ -22841,10 +22841,10 @@ temporarily created in a file called:
 .endd
 The \(.eml)\ extension is a friendly hint to virus scanners that they can
 expect an MBOX-like structure inside that file. The file is created when the
 .endd
 The \(.eml)\ extension is a friendly hint to virus scanners that they can
 expect an MBOX-like structure inside that file. The file is created when the

-first exiscan facility is called. Subsequent calls to exiscan conditions open
-the same file again. The directory is recursively removed when the
-\acl@_smtp@_data\ ACL has finished running. When the MIME ACL decodes files,
-they are put into that same directory by default.
+first content scanning facility is called. Subsequent calls to content
+scanning conditions open the same file again. The directory is recursively
+removed when the \acl@_smtp@_data\ ACL has finished running. When the MIME
+ACL decodes files, they are put into that same directory by default.

 
 
 .section Scanning for viruses
 
 
 .section Scanning for viruses


@@ -22886,7 +22886,7 @@ av_scanner = aveserver:/var/run/aveserver
 .index virus scanners||clamd
 \clamd\: This daemon-type scanner is GPL and free. You can get it at
 \?http://www.clamav.net/?\. Clamd does not seem to unpack MIME containers,
 .index virus scanners||clamd
 \clamd\: This daemon-type scanner is GPL and free. You can get it at
 \?http://www.clamav.net/?\. Clamd does not seem to unpack MIME containers,

-so it is recommended to use the demime facility with it. It takes one option:
+so it is recommended to unpack MIME attachments in the MIME ACL. It takes one option:

 either the path and name of a UNIX socket file, or a hostname or IP number, and
 a port, separated by space, as in the second of these examples:
 .display asis
 either the path and name of a UNIX socket file, or a hostname or IP number, and
 a port, separated by space, as in the second of these examples:
 .display asis


@@ -22909,7 +22909,7 @@ scanner. If the expression matches, a virus was found. You must make absolutely
 sure that this expression matches on `virus found'. This is called the
 `trigger' expression.
 .nextp
 sure that this expression matches on `virus found'. This is called the
 `trigger' expression.
 .nextp

-Another regular expression, containing exactly one pair of braces, to match the
+Another regular expression, containing exactly one pair of parentheses, to match the

 name of the virus found in the scanners output. This is called the `name'
 expression.
 .endp
 name of the virus found in the scanners output. This is called the `name'
 expression.
 .endp


@@ -22986,8 +22986,18 @@ The default path is \(/var/run/sophie)\, so if you are using this, you can omit
 the option.
 .endp
 
 the option.
 .endp
 

-When \av@_scanner\ is correcly set, you can use the \malware\ condition in the
-DATA ACL. The condition takes a right-hand argument that is expanded before
+When \av@_scanner\ is correctly set, you can use the \malware\ condition in the
+DATA ACL.
+
+The \malware\ condition caches its results, so when you use it multiple times
+for the same message, the actual scanning process is only carried out once. 
+
+\av@_scanner\ is expanded each time \malware\ is called. This makes
+it possible to use different scanners. See further below for an example.
+However, using expandable items in \av@_scanner\ disables the result caching
+of the \malware\ condition.
+
+The condition takes a right-hand argument that is expanded before

 use. It can then be one of
 .numberpars $.
 `true', `*', or `1', in which case the message is scanned for viruses. The
 use. It can then be one of
 .numberpars $.
 `true', `*', or `1', in which case the message is scanned for viruses. The


@@ -23010,9 +23020,6 @@ When a virus is found, the condition sets up an expansion variable called
 \message\ modifier that specifies the error returned to the sender, and/or in
 logging data.
 
 \message\ modifier that specifies the error returned to the sender, and/or in
 logging data.
 

-The \malware\ condition caches its results, so when you use it multiple times
-for the same message, the actual scanning process is only carried out once.
-

 If your virus scanner cannot unpack MIME and TNEF containers itself, you should
 use the \demime\ condition (see section ~~SECTdemimecond) before the \malware\
 condition.
 If your virus scanner cannot unpack MIME and TNEF containers itself, you should
 use the \demime\ condition (see section ~~SECTdemimecond) before the \malware\
 condition.


@@ -23044,9 +23051,6 @@ deny message = This message contains malware ($malware_name)
    set acl_m0 = aveserver
    malware = *
 .endd
    set acl_m0 = aveserver
    malware = *
 .endd

-However, when \av@_scanner\ is expanded, the caching of the \malware\
-condition result does not happen, so each \malware\ condition call causes a
-new scan of the message.

 
 
 .section Scanning with SpamAssassin
 
 
 .section Scanning with SpamAssassin


@@ -23353,13 +23357,16 @@ All parts contained within an attachment multipart are attachments.
 .endp
 
 As an example, the following will ban `HTML mail' (including that sent with
 .endp
 
 As an example, the following will ban `HTML mail' (including that sent with

-alternative plain text), while allowing HTML files to be attached:
+alternative plain text), while allowing HTML files to be attached. HTML 
+coverletter mail attached to non-HMTL coverletter mail will also be allowed:

 .display asis
 deny message = HTML mail is not accepted here
 .display asis
 deny message = HTML mail is not accepted here

+   !condition = $mime_is_rfc822

    condition = $mime_is_coverletter
    condition = ${if eq{$mime_content_type}{text/html}{1}{0}}
 .endd
 
    condition = $mime_is_coverletter
    condition = ${if eq{$mime_content_type}{text/html}{1}{0}}
 .endd
 

+

 .tempindent 0
 \$mime@_is@_multipart$\:
 This variable has the value 1 (true) when the current part has the main type
 .tempindent 0
 \$mime@_is@_multipart$\:
 This variable has the value 1 (true) when the current part has the main type


@@ -23431,8 +23438,10 @@ CPU-intensive.
 .index MIME content scanning
 The \demime\ ACL condition provides MIME unpacking, sanity checking and file
 extension blocking. It uses a simpler interface to MIME decoding than the MIME
 .index MIME content scanning
 The \demime\ ACL condition provides MIME unpacking, sanity checking and file
 extension blocking. It uses a simpler interface to MIME decoding than the MIME

-ACL functionality, but provides no additional facilities. It is kept in exiscan
-for backward compatibility.
+ACL functionality, but provides no additional facilities. Please note that this
+condition is deprecated and kept only for for backward compatibility. You must
+set the WITH_OLD_DEMIME option in the Makefile at build time to be able to use
+the \demime\ condition.

 
 The \demime\ condition unpacks MIME containers in the message. It detects
 errors in MIME containers and can match file extensions found in the message
 
 The \demime\ condition unpacks MIME containers in the message. It detects
 errors in MIME containers and can match file extensions found in the message


@@ -23526,18 +23535,6 @@ certain amount through string expansions and the \condition\ condition in the
 ACL that runs after the SMTP \\DATA\\ command or the ACL for non-SMTP messages
 (see chapter ~~CHAPACL), but this has its limitations.
 
 ACL that runs after the SMTP \\DATA\\ command or the ACL for non-SMTP messages
 (see chapter ~~CHAPACL), but this has its limitations.
 

-.index \exiscan\
-An increasingly popular way of doing additional checking is to make use of the
-Exiscan patch for Exim, which adds ACL conditions that perform body scans of
-various kinds. This is available from
-.if ~~html
-[(A HREF="http://duncanthrax.net/exiscan-acl/")]
-/?http://duncanthrax.net/exiscan-acl/?\.
-[(/A)]
-.else
-\?http:@/@/duncanthrax.net/exiscan-acl/?\.
-.fi
-

 To allow for even more general checking that can be customized to a site's own
 requirements, there is the possibility of linking Exim with a private message
 scanning function, written in C. If you want to run code that is written in
 To allow for even more general checking that can be customized to a site's own
 requirements, there is the possibility of linking Exim with a private message
 scanning function, written in C. If you want to run code that is written in