On 19.02.2015 at 14:46, Chad M Stewart wrote:
> I use amavis-new and block based on file type. My users should never get legit executables via email, so they are sent to a quarantine.
>
>   ### BLOCKED ANYWHERE
>   # qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
>   qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
>   qr'^\.(exe|lha|cab|dll)$',              # banned file(1) types
>   # block certain double extensions in filenames
>   qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
>   qr'.\.(exe|vbs|pif|scr|cpl)$'i,         # banned extension - basic
Well, you can achieve that directly on the MTA, but that won't help in case of "emails containing MS office attachments with a Malicious VB script"
cat /etc/postfix/mime_header_checks.cf
/^Content-(?:Disposition|Type):(?:.*?;)? \s*(?:file)?name \s* = \s*"?(.*?(\.|=2E)(386|acm|ade|adp|awx|ax|bas|bat|bin|cdf|chm|class|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jar|jse|lnk|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|rar|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh))(?:\?=)?"?\s*(;|$)/x REJECT Attachment Blocked (Executables And RAR-Files Not Allowed) "$1"
(.rar because ClamAV can't scan the content on Fedora)