OK, here's the new slightly modded version
Its also at:-
ftp://ftp.exim.org/pub/filter/system_filter.exim
MD5 sig is
d044d7d150e47272e4f6f44bd86c7ec0 system_filter.exim
Nigel.
# Exim filter
#
# Only run any of this stuff on the first pass through the
# filter - this is an optomisation for messages that get
# queued and have serveral delivery attempts
#
# we express this in reverse so we can just bail out
# on inappropriate messages
if error_message or not first_delivery
then
finish
endif
# Attempt to catch embedded VBS attachments
# in emails. These were used as the basis for
# the ILOVEYOU virus and its variants
#
if $message_body matches "(?:Content-(?:Type:\\\\s*[\\\\w-]+/[\\\\w-]+|Disposition:\\\\s*attachment);\\\\s*(?:file)?name=|begin\\\\s+[0-7]{3,4}\\\\s+)(\"[^\"]+\\\\.(?:vbs|vbe|wsh|wsf|js|jse|exe|com|bat)\"|[\\\\w.-]+\\\\.(?:vbs|vbe|wsh|wsf|js|jse|exe|com|bat))[\\\\s;]"
then
fail text "This message has been rejected because it has\n\
\tan apparently executable attachment $1\n\
\tThis form of attachment has been used by\n\
\trecent viruses such as that described in\n\
\thttp://www.fsecure.com/v-descs/love.htm\n\
\tIf you meant to send this file then please\n\
\tpackage it up as a zip file and resend it."
seen finish
endif
# Version history
#
# 0.01 5 May 2000
# Initial release
# 0.02 8 May 2000
# Widened list of content-types accepted, added WSF extension
#
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
