On Thu, 19 Feb 2015, Reindl Harald wrote:
well, that can you achieve directly on the MTA but that won't help in case of
"emails containing MS office attachments with a Malicious VB script"
cat /etc/postfix/mime_header_checks.cf
/^Content-(?:Disposition|Type):(?:.*?;)? \s*(?:file)?name \s* =
\s*"?(.*?(\.|=2E)(386|acm|ade|adp|awx|ax|bas|bat|bin|cdf|chm|class|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jar|jse|lnk|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|rar|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh))(?:\?=)?"?\s*(;|$)/x
REJECT Attachment Blocked (Executables And RAR-Files Not Allowed) "$1"
(.rar because ClamAV can't scan the content on Fedora)
Is that a politically inspired limitation? If you build ClamAV from source
it can scan RAR.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
