Re: [Exim] Generic VBS script detection

Góra strony
Delete this message
Reply to this message
Autor: Nigel Metheringham
Data:  
Dla: Exim
Temat: Re: [Exim] Generic VBS script detection
So currently the regex is running like this (remember its intended to be
case insensitive perl extended - ie m@regex@ix - so the white space and
comments are *not* part of the regex):-

  (?:Content-                    # start of content header
  (?:Type: \s*                    # rest of c/t header
    application/octet-stream            # content-type
    |Disposition: \s*                # content-disposition hdr
    attachment)                    # content-disposition
  ;\s*                        # space or newline
  (?:file)?name=                # filename=/name= 
  |begin \s+ [0-7]{3,4} \s+)             # begin octal-mode
  (\"[^\"]+\.(?:vbs|vbe|wsh|js|jse)\"        # quoted filename.ext
  |[\w.-]+\.(?:vbs|vbe|wsh|js|jse))        # unquoted filename.ext
  [\s;]                        # trailing ;/space/newline


Changes from first one:-
  1. quoted filename fixed (thx Jeffrey)
  2. unquoted filename simplified (Jeffrey again)
  3. Selection of extensions (Jeffrey yet again)
  4. Additional of trailing \s (Me)
  5. Change to also detect Content-disposition: attachment
     headers as well as content-type - I think a text/plain
     attach with appropriate disposition might also have 
     worked (Me)


[(4) replies on the exim behaviour of mapping newline->space in the body expansion]

Comments welcome - I am just starting to code this up for exim.

    Nigel.
-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]