Re: [Exim] Generic VBS script detection - filter attached (f…

Author: I. Forbes
Date:  
To: Exim
Subject: Re: [Exim] Generic VBS script detection - filter attached (fwd)
Hello regexperts

I think that there is a bug in this filter. I sent an attached VB script
with "Pegasus Mail" and it went straight through. (I am not sure if
Pegasus could be used by VB to send mail via MAPI, but it may
be worth sorting this out.)

The MIME headers are as follows (possibly word wrapped):

--Message-Boundary-3386
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Text from file 'LOVE-LETTER-FOR-YOU.TXT.vbs'

rem
rem All Nasty Content Removed
rem

--Message-Boundary-3386--

The magic filter line (wrapped a bit) is

if $message_body matches "(?:Content-(?:Type:
\\\\s*[\\\\w-]+/[\\\\w]+
|Disposition:\\\\s*attachment);
\\\\s*
(?:file)?name=|begin\\\\s+[0-7]{3,4}\\\\s+
)(\"[^\"]+\\\\.
(?:vbs|vbe|wsh|wsf|js|jse|exe|com|bat)
\"|[\\\\w.-]+\\\\.
(?:vbs|vbe|wsh|wsf|js|jse|exe|com|bat))[\\\\s;]"

Am I right in thinking that this misses "Content-description"
altogether?

Is anybody brave enough to propose a "fix"?

Also, what passes for a "valid" MIME header?

Note: I also had to increase message_body_visible to 1500 to be
sure of catching the filename line. (Pegasus puts a help message
in a separate attachment and a signature above this MIME
header.)

Ian Forbes


---------------------------------------------------------------------
Ian Forbes ZSD
http://www.zsd.co.za
Office: +27 +21 683-1388 Fax: +27 +21 64-1106
Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa
---------------------------------------------------------------------
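The following is an added Python example, not code from the post or from Exim, that replays the filter test above on constructed message bodies. It assumes the intended pattern is the one left after Exim unescapes the filter string (each `\\s` in the filter becomes `\s`), that Exim's lower-case `matches` is case-insensitive (it is unless written `MATCHES`), and that `$message_body` holds the first `message_body_visible` bytes (default 1000) with newlines converted to spaces. `EXTENDED` is a hypothetical extra branch keyed on the `Content-description: Text from file '...'` wording Pegasus produced in the post; the three sample bodies are constructed for the demonstration.

```python
"""Replay the Exim VBS filter test from the post on constructed MIME bodies."""
import re
from typing import Optional, Pattern

EXTS = r"(?:vbs|vbe|wsh|wsf|js|jse|exe|com|bat)"
QUOTED_DQ = r'"[^"]+\.' + EXTS + r'"'      # filename="x.vbs"
QUOTED_SQ = r"'[^']+\." + EXTS + r"'"      # 'x.vbs' (Pegasus Content-description)
BARE = r"[\w.-]+\." + EXTS                 # filename=x.vbs

# Header prefixes the posted pattern accepts before a filename.
HEADER_ALTS = (
    r"Content-(?:Type:\s*[\w-]+/[\w]+|Disposition:\s*attachment);\s*(?:file)?name="
    r"|begin\s+[0-7]{3,4}\s+"
)

# The posted pattern, as Exim sees it after unescaping the filter string.
ORIGINAL = re.compile(
    "(?:" + HEADER_ALTS + ")(" + QUOTED_DQ + "|" + BARE + r")[\s;]",
    re.IGNORECASE,  # Exim's lower-case "matches" is case-insensitive
)

# Hypothetical extension (not from the post): also accept Pegasus Mail's
# "Content-description: Text from file 'NAME.vbs'" header.
EXTENDED = re.compile(
    "(?:" + HEADER_ALTS + r"|Content-description:\s*Text\s+from\s+file\s+" + ")"
    "(" + QUOTED_DQ + "|" + QUOTED_SQ + "|" + BARE + r")[\s;]",
    re.IGNORECASE,
)


def message_body(raw: bytes, visible: int = 1000) -> str:
    """Approximate $message_body: the first `visible` bytes of the body
    (message_body_visible, default 1000) with newlines turned into spaces."""
    return raw[:visible].decode("latin-1").replace("\r", " ").replace("\n", " ")


def detected(raw: bytes, pattern: Pattern = ORIGINAL, visible: int = 1000) -> Optional[str]:
    """Return the matched filename (capture group 1) or None if the filter misses."""
    m = pattern.search(message_body(raw, visible))
    return m.group(1) if m else None


# Constructed sample 1: a conventional attachment, caught via Content-Disposition.
STANDARD = b"""--boundary-1
Content-Type: application/octet-stream; name="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

cmVtIEFsbCBOYXN0eSBDb250ZW50IFJlbW92ZWQK
--boundary-1--
"""

# Constructed sample 2: the Pegasus Mail headers shown in the post, unwrapped.
PEGASUS = b"""--Message-Boundary-3386
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Text from file 'LOVE-LETTER-FOR-YOU.TXT.vbs'

rem
rem All Nasty Content Removed
rem

--Message-Boundary-3386--
"""

# Constructed sample 3: the same part preceded by a long first part, standing in
# for the help message and signature Pegasus puts ahead of the script.
PEGASUS_LATE = (
    b"--Message-Boundary-3386\n"
    b"Content-type: text/plain; charset=US-ASCII\n"
    b"Content-transfer-encoding: 7BIT\n"
    b"Content-description: Mail message body\n\n"
    + b"Please find the attached script. " * 30   # ~990 bytes of filler
    + b"\n\n"
    + PEGASUS
)


if __name__ == "__main__":
    for label, raw in (("standard", STANDARD), ("pegasus", PEGASUS), ("pegasus-late", PEGASUS_LATE)):
        for name, pat in (("original", ORIGINAL), ("extended", EXTENDED)):
            for vis in (1000, 1500):
                print(f"{label:12s} {name:8s} visible={vis}: {detected(raw, pat, vis)}")
```

Two things the samples expose: the `Content-Type` branch of the posted pattern never fires for `application/octet-stream`, because `[\w]+` cannot cross the hyphen before the required `;`, so the standard sample is only caught by the `Content-Disposition` branch; and with the default 1000 visible bytes even the extended pattern misses the late Pegasus part until `message_body_visible` is raised, which is exactly the effect described in the post.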