# Exim filter
## (The line above has to stay the very first line of the file: it is how
##  Exim recognises this file as an Exim filter.)
## Version: 0.11
# Vincent Renardias
## If you haven't worked with exim filters before, read
## the install notes at the end of this file.

# Only scan on the first delivery attempt; on any other attempt stop
# filtering here so the checks below are not repeated.
if not first_delivery then
  finish
endif

# Check for MS buffer overruns as per latest BUGTRAQ.
# http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61
# This could also happen in error messages, hence its placement
# here, ahead of the error_message test further down.
# We take the first n characters of the Date header
# and test whether the result is the same as the whole Date header,
# which is a crude way of checking whether the header is longer than
# n characters (n is fixed at 80 below).
# NOTE(review): only the Date header is length-checked in this filter.
if ${length_80:$header_date:} is not $header_date: then
  fail text "This message has been rejected because it has\n\
             \tan overlength date field which can be used\n\
             \tto subvert Microsoft mail programs\n\
             \tThe following URL has further information\n\
             \thttp://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61"
  seen finish
endif

# Error messages stop here, so they never reach the scanner section
# below; they have still been through the Date check above.
if error_message then
  finish
endif

# The following is the Amavis-ng/EximPerl configuration
# remove/comment them if you're not using amavis with exim-perl
#
# Order matters: the first condition is the only place that calls
# amavis_filter_scan (with the message id, sender and recipient list).
# Every later branch only reads amavis_filter_result / amavis_filter_text,
# so the branches must not be reordered.
# NOTE(review): presumably those two subroutines return the state left by
# the scan call -- confirm against the Perl side.
if ${perl{amavis_filter_scan}{$message_id}{$sender_address}{$recipients}} is "drop" then
  # "drop": mark the message as handled and stop, with no delivery.
  seen finish
elif ${perl{amavis_filter_result}} is "fail" then
  # NOTE(review): this uses `fail "..."` without the `text` keyword, unlike
  # the `fail text "..."` form used for the Date check above -- confirm the
  # Exim version in use accepts it. The scanner-supplied text becomes the
  # failure text, so confirm it carries nothing internal.
  fail "${perl{amavis_filter_text}}"
elif ${perl{amavis_filter_result}} is "freeze" then
  # Same `text` keyword question as for the "fail" branch.
  freeze "${perl{amavis_filter_text}}"
elif ${perl{amavis_filter_result}} is "accept" then
  # Clean result: record which host scanned the message and when.
  headers add "X-Virus-Scanned: by ${primary_hostname}; ${tod_full}"
else
  # Fail closed: any result other than drop/fail/freeze/accept freezes the
  # message for an administrator instead of letting it be delivered unscanned.
  freeze "illegal output from amavis_filter_result: \
          ${perl{amavis_filter_result}}"
endif