On 3/31/2011 1:34 PM, Ned Slider wrote:
> I'd go a step further and say no way you should be accepting
> executables at the smtp level, so no reason to be passing them to SA
> for scanning in the first place. These should be rejected or
> quarantined elsewhere in the mail chain.

Agreed. One of my oldest (probably needs a tune-up) and most effective
postfix rules is:
/^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(
  ade|adp|asf|asx|avi|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|inf|ins|
  isp|js|jse|lnk|mdb|mde|mdt|mdw|mp3|mpe|mpg|mpeg|msc|msi|msp|mst|nws|
  ops|pcd|pif|prf|qt|ram|rm|rmj|reg|scf|scr\??|sct|shb|shs|shm|swf|vb[esx]?|
  wma|wmv|vxd|wsc|wsf|wsh))(\?=)?"?\s*(;|$)/x
  REJECT 598 Attachment name "$2" rejected. Attachments of this type are not allowed.