In testing the filters that have been posted to the ftp site I think I may
have found a case that escapes the filters. I don't have a windows box
handy so I can't test if Outlook would even treat this as an executable as
it is being sent with the MIME type test/PLAIN. I've attached the entire
message. This may be relevant to Nigel's latest post on MIME headers, I'm
still learning my way around most of this.
I've also attempted to add logging and a mail notification to the filter.
Neither of them seem to be functioning from within the if-then loop, but the
fail portion seems to work fine in that same loop. Any ideas why a line
like this isn't working:
mail text "At $tod_log $sender_address tried to send $recipients a denied executable file" subject "Executable Alert!" to administrator@???
Thanks,
--
Jason Cook
MIS Director
Dayton Systems Group
PGP Fingerprint: D531 F4F4 BDBF 41D1 514D F930 FD03 262E 5120 BEDD
PGP Key:
http://dayton.net/~dsg/pgp.html
Scotty is smoking the dilithium crystals again, JimFrom dsg@??? Tue May 9 10:16:15 2000
Received: from dayton.net (quark.dayton.net [199.218.243.8]) by ratbert.dsgtech.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
id K1K55XA8; Tue, 9 May 2000 10:16:14 -0400
Received: from localhost (dsg@localhost)
by dayton.net (8.8.7/8.8.7) with SMTP id KAA02548
for <jasonc@???>; Tue, 9 May 2000 10:10:18 -0400
Date: Tue, 9 May 2000 10:10:07 -0400 (EDT)
From: Dayton Systems Group <dsg@???>
To: jasonc@???
Subject: Blah
Message-ID: <Pine.LNX.3.96.1000509100951.2518A-200000@???>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-624490253-600549634-957881407=:2518"
Status: RO
Content-Length: 622
Lines: 19
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@??? for more info.
---624490253-600549634-957881407=:2518
Content-Type: TEXT/PLAIN; charset=US-ASCII
Blah
---624490253-600549634-957881407=:2518
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="test.vbs"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.3.96.1000509101007.2518B@???>
Content-Description:
YmxhbGFiZmxoa2phZGZsamE7bHNkZ2psO2thanNkbDtnamxrO2Fq
---624490253-600549634-957881407=:2518--