Did you i got right, that you are trying to detect renamed extension by its extension ? ummm... sounds like mission impossible to me.
My colleague has developed this functionality and he is able to block attachments by its mime type. He detect real mime type of each attachment and compare to banned mime types. We got it integrated into qmail-scanner , but somebody would have to create an installation module for ./configuration phase. cheers tomas On 03/23/2011 04:38 PM, Ethy H. Brito wrote: > From: "Ethy H. Brito"<ethy.br...@inexo.com.br> > To: Salvatore Toribio<tori...@pusc.it> > Subject: Re: [Qmail-scanner-general] disguised .exe files > Date: Wed, 23 Mar 2011 12:36:56 -0300 > Organization: InterNexo Ltda. > X-Mailer: Claws Mail 3.7.6 (GTK+ 2.18.3; i486-pc-linux-gnu) > > On Wed, 23 Mar 2011 08:58:25 +0100 > Salvatore Toribio<tori...@pusc.it> wrote: > >> Hi Ethy >> >> Just edit /var/qmail/bin/qmail-scanner-queue.pl and change >> my $BAD_MIME_CHECKS='2' > Hi ST. > > nop. did not wotk. > > I downloaded and installed 2.08 (was 2.01). > compiled with: > > # ./configure --spooldir /var/spool/qmailscan --qmaildir /var/qmail --bindir > /var/qmail/bin --qmail-queue-binary /var/qmail/bin/qmail-queue --admin > postmaster --domain bla.com.br --admin-description > "System-Anti-Virus-Administrator" --notify sender --local-domains bla.com.br > --max-scan-size 100000000 --silent-viruses auto --sa-timeout 120 > --sa-faulttolerant 1 --sa-maxsize 256000 --sa-quarantine 2 --sa-tempfail 1 > --quarantine-reject 0 --lang pt_BR --debug 1 --unzip 0 --max-zip-size > 1000000000 --add-dscr-hdrs 0 --normalize yes --archive 0 --redundant yes > --skip-text-msgs 1 --log-details yes --log-crypto 0 --fix-mime 2 > --ignore-eol-check 0 --scanners "clamdscan,fast_spamassassin" > > Most options are defaults. > > same result: .exe renamed files pass through untouched. > > Now what? Anything else? > > Ethy > > > > ------------------------------------------------------------------------------ > Enable your software for Intel(R) Active Management Technology to meet the > growing manageability and security demands of your customers. Businesses > are taking advantage of Intel(R) vPro (TM) technology - will your software > be a part of the solution? Download the Intel(R) Manageability Checker > today! http://p.sf.net/sfu/intel-dev2devmar > _______________________________________________ > Qmail-scanner-general mailing list > Qmail-scanner-general@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general ------------------------------------------------------------------------------ Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar _______________________________________________ Qmail-scanner-general mailing list Qmail-scanner-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
