On 3-Nov-2009, at 07:13, Stan Hoeppner wrote:
Anyone have a filter they'd like to share that rejects mail at smtp
based on known malicious attachment file types?
main.cf:
mime_header_checks = pcre:$config_directory/mime_headers.pcre
$ cat mime_headers.pcre
/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*\.(ade|adp|bas|bat|
chm|cmd|com|cpl|crt|dll|exe|hlp|hta|inf|ins|isp|js|jse|lnk|mdb|mde|mdt|
mdw|msc|msi|msp|mst|nws|ops|pcd|pif|prf|reg|scf|scr\??|sct|shb|shs|shm|
swf|vb[esx]?|vxd|wsc|wsf|wsh))(\?=)?"?\s*(;|$)/x REJECT Attachment
name "$2" may not end with ".$3"
That said, executable attachments in email are EXTREMELY rare anymore.
They seem to arrive as zip files and rely on the innate stupidity of
the receiver. I've only seen a handful this month and they were
all .swf files.
--
We only remembers that the elves sang. We forgets what it was they
were singing about. --Lords and Ladies
