> On 16 Sep 2014, at 13:00 , Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
> > On Tue, Sep 16, 2014 at 01:41:36PM -0500, Noel Jones wrote:
> >
> >> I've used the below for a few years with good results. It's better,
> >> but surely not perfect.
> >>
> >>
> >> # block windows executables PCRE
> >> /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
> >>     ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
> >>     inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
> >>     ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
> >>     vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh))(\?=)?"?\s*$/x
> >
> > This assumes that "name" or "filename" is the last attribute in
> > the header. It might instead be followed by a ";" and more
> > attributes. So for a bit more generality, try the below:
> >
> > # block windows executables PCRE
> > /^\s*Content-(?:Disposition|Type):      # Header label
> >     (?:.*?;)? \s*                       # Any prior attributes
> >     (?:file)?name\s*=\s*"?              # name or filename
> >     (                                   # Capture name for response
> >         .*?(\.|=2E)                     # File basename and "."
> >         (ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
> >          inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
> >          ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
> >          vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh) # Capture risky extensions
> >     )                                   # Close capture
> >     (?:\?=)?                            # Trailer of ad-hoc RFC 2047 encoding
> >     "?                                  # Optional close quote
> >     \s*(;|$)                            # End of attribute or header
> > /x
> >
> > [ untested ]
Hmm. I’ve been using the same check as Noel for many years. More than 10. I’ve never received an attachment in that list, so …

-- 
The Earth is like a tiny grain of sand, only much, much heavier.
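The two header_checks patterns quoted in this thread, run side by side over a handful of constructed MIME headers. This is an added example, not code from the thread or from Postfix: both patterns are translated to Python's re module (re.VERBOSE standing in for the PCRE /x flag, re.IGNORECASE because Postfix pcre tables match case-insensitively by default), the headers are unfolded first because Postfix applies header_checks to the logical header, and the sample headers are made up for the test. The point it shows is the one Viktor raised: a name= or filename= attribute followed by ";" and further attributes slips past the first pattern and is caught by the second, while RFC 2047 encoded names with "=2E" for the dot are caught by both.

```python
"""Compare the two attachment-blocking PCRE patterns from the thread.

Added example; assumptions not stated in the thread:
  * Postfix pcre tables are case-insensitive by default, hence re.IGNORECASE.
  * header_checks see the unfolded logical header, so unfold() runs first.
  * SAMPLE_HEADERS are constructed for this test, not real mail.
"""
import re

# Extension list shared by both patterns, verbatim from the thread.
RISKY_EXTENSIONS = r"""
    ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
    inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
    ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
    vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh
"""

# Noel's pattern: requires the name to be the last thing on the header line.
NOEL = re.compile(
    r'^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)('
    + RISKY_EXTENSIONS
    + r'))(\?=)?"?\s*$',
    re.VERBOSE | re.IGNORECASE,
)

# Viktor's pattern: allows attributes before and after name=/filename=.
VIKTOR = re.compile(
    r'''
    ^\s*Content-(?:Disposition|Type):   # Header label
    (?:.*?;)? \s*                       # Any prior attributes
    (?:file)?name\s*=\s*"?              # name or filename
    (                                   # Capture name for response
        .*?(\.|=2E)                     # File basename and "."
        (''' + RISKY_EXTENSIONS + r''') # Risky extensions
    )                                   # Close capture
    (?:\?=)?                            # Trailer of ad-hoc RFC 2047 encoding
    "?                                  # Optional close quote
    \s*(;|$)                            # End of attribute or header
    ''',
    re.VERBOSE | re.IGNORECASE,
)

# Constructed sample headers (not real mail).
SAMPLE_HEADERS = [
    'Content-Disposition: attachment; filename="report.pdf"',
    'Content-Disposition: attachment; filename="invoice.exe"',
    'Content-Disposition: attachment; filename="invoice.exe"; size=2048',
    'Content-Type: application/octet-stream; name="setup.MSI"; charset=us-ascii',
    'Content-Disposition: attachment;\n filename="=?utf-8?Q?invoice=2Eexe?="',
    'Content-Disposition: attachment; filename="executive-summary.docx"',
]


def unfold(header):
    """Join folded continuation lines (newline + whitespace) into one logical line."""
    return re.sub(r'\r?\n[ \t]+', ' ', header)


def check_header(header):
    """Return (noel_hit, viktor_hit, name) for one header.

    name is what Viktor's pattern captures as $1, which is what a Postfix
    action such as 'REJECT ... ${1} ...' would report back to the sender.
    """
    logical = unfold(header)
    noel = NOEL.search(logical)
    viktor = VIKTOR.search(logical)
    return bool(noel), bool(viktor), (viktor.group(1) if viktor else None)


def scan(headers=SAMPLE_HEADERS):
    """Run check_header over every header; returns a list of result tuples."""
    return [check_header(h) for h in headers]


if __name__ == "__main__":
    for header, (noel, viktor, name) in zip(SAMPLE_HEADERS, scan()):
        print(f"noel={noel!s:5} viktor={viktor!s:5} name={name!r:30} {header!r}")
```

The third and fourth samples are the case Viktor describes: the risky name is present but followed by another attribute, so the pattern anchored on `"?\s*$` never matches them, while the second pattern does and hands the captured name back for the reject message. In a real pcre table the action follows the pattern on the same logical line, and continuation lines must keep their leading whitespace or Postfix will read them as new entries.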