On Tue, Sep 21, 2010 at 09:09:13PM -0500, Stan Hoeppner wrote:
> bper put forth on 9/21/2010 2:26 PM:
>
> > Point taken. I have, and still am, investigating AV scanning. What are your
> > thoughts on the best solution/fit with postfix?
>
> Someone else will need to answer. I don't do A/V scanning in Postfix.
> I simply reject any emails, using mime_header_checks, that contain
> attachment types likely to contain viral payload. I can get away with
> this as my user base is very small and well educated. This method
> probably does not scale for most other environments.
>
> /etc/postfix/mime_header_checks
> # Reject email containing unwanted attachments
>
> /name=\"(.*)\.(386|bat|chm|cpl|cmd|com|do|exe|hta|jse|lnk|msi|ole)\"$/
> REJECT Unwanted attachment $1.$2
> /name=\"(.*)\.(pif|reg|rm|scr|shb|shm|shs|sys|vbe|vbs|vxd|xl|xsl)\"$/
> REJECT Unwanted attachment $1.$2
>
> This is by no means a complete list, as there are probably some I should
> have but am missing.

More importantly, these regular expressions do not consider the
possibility of legal white-space around the "=" sign in the MIME
"attribute = value" syntax. Nor do they consider the possibility that
the attribute value may not require double-quotes.

More robust patterns have been posted to the list in the past, and
some are even found in Postfix documentation:

    http://www.postfix.org/header_checks.5.html

(the EXAMPLES section).

No regexp pattern check is a complete MIME parser. YMMV.

--
Viktor.
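
The two gaps named in the reply above, as an added example that is not part of the original thread: Python's re module stands in for a Postfix regexp table, and TOLERANT_RULE is an illustrative pattern written here (an assumption, not the one in the Postfix documentation). The sample headers are constructed.

```python
import re

# Extensions copied from the two quoted mime_header_checks rules.
EXTS = ("386|bat|chm|cpl|cmd|com|do|exe|hta|jse|lnk|msi|ole|"
        "pif|reg|rm|scr|shb|shm|shs|sys|vbe|vbs|vxd|xl|xsl")

# The quoted rules merged into one: no space allowed around "=" and the
# double quotes are mandatory. Postfix regexp tables are case-insensitive
# by default, hence re.I.
QUOTED_RULE = re.compile(r'name="(.*)\.(' + EXTS + r')"$', re.I)

# Illustrative pattern written for this example (an assumption, not the
# one from the Postfix documentation): optional white-space around "=",
# optional double quotes.
TOLERANT_RULE = re.compile(
    r'name\s*=\s*"?([^";]*)\.(' + EXTS + r')"?\s*(;|$)', re.I)

# Constructed sample headers, one unfolded logical header per entry.
SAMPLES = {
    "quoted":   'Content-Type: application/octet-stream; name="setup.exe"',
    "spaced":   'Content-Type: application/octet-stream; name = "setup.exe"',
    "unquoted": 'Content-Disposition: attachment; filename=setup.exe',
    "harmless": 'Content-Type: application/pdf; name="report.pdf"',
}

def verdict(rule, header):
    """Return the REJECT text the rule would produce, or None if no match."""
    m = rule.search(header)
    return f"REJECT Unwanted attachment {m.group(1)}.{m.group(2)}" if m else None

def compare():
    """Map each sample label to (quoted-rule verdict, tolerant-rule verdict)."""
    return {label: (verdict(QUOTED_RULE, h), verdict(TOLERANT_RULE, h))
            for label, h in SAMPLES.items()}

if __name__ == "__main__":
    for label, (old, new) in compare().items():
        print(f"{label:9} quoted rule: {old!s:40} tolerant rule: {new}")
```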