On Wed, Mar 30, 2016 at 4:11 PM @lbutlr <krem...@kreme.com> wrote: > On Wed Mar 30 2016 13:34:23 Alex <mysqlstud...@gmail.com> said: > > > > > /^(Content-(Type|Disposition)\:|[[:space:]]+).*(file)?name="?.*\.doc"?;?$/ > > REJECT > > /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pif|prf|reg|scf|scr\??|sct|shb|shs|shm|swf|vb[esx]?|vxd|wsc|wsf|wsh))(\?=)?"?\s*(;|$)/x > REJECT Attachment name "$2" may not end with ".$3” > > Just add the MS Office file extensions to that. > > Then, when your users revolt and are banging on your door with pitchforks > and torches, take them out again. > > A user revolt sounds fun. :-) I don't want to block all attachments. I already block executables. I'm just looking at quarantining file attachments that could possibly have ransomware. We have a small user base and checking the quarantine and releasing good messages isn't a big deal.
Thanks! Rod
