warn decode = default

deny message = Blacklisted file extension detected ($mime_filename)
     condition = ${if !eq{$acl_c_esf_skip}{1}}
     condition = ${if match \
                  {${lc:$mime_filename}} \
                  {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.vbs|\.cpl|\.jar)$\N} \
                  {1}{0}}

deny
    message = zip file contains an attachment with a dangerous payload ($mime_filename).
    condition = ${if !eq{$acl_c_esf_skip}{1}}
    condition = ${if match \
                  {${lc:$mime_filename}} \
                  {\N(\.zip)$\N} \
                  {1}{0}}
    condition = ${run{/bin/sh -c '/etc/exim.easy_spam_fighter/exim_check_attachment.sh zip $message_exim_id $mime_decoded_filename'}{0}{1}}
    log_message = exim_check_attachment.sh: '$mime_filename' contains a dangerous payload.