Re: [Exim] Re: system filter stuff

Pàgina inicial
Delete this message
Reply to this message
Autor: Tabor J. Wells
Data:  
A: Alex King
CC: exim-users
Assumpte: Re: [Exim] Re: system filter stuff
On Tue, Dec 26, 2000 at 06:34:18AM +1300,
Alex King <alex@???> is thought to have said:

> > In the body:
> > ...
> > Content-Type: application/x-msdos-program
> > Content-Disposition: attachment; filename="Navi......."
> > ...
> >
> > My guess is that the attachment is not matched because it appears in
> > the body with no mention of it in the headers, is this right? If so,
> > is there no way to fail certain attchments using header matching in
> > the system filter? How do I match text in the body?


See the generic windows executable content filter at
ftp://ftp.exim.org/pub/filter/ or http://www.us.exim.org/system_filter.exim
for an example of how to do this for all exes. Personally I prefer to not
filter all .exe files and instead use the following:

if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"navidad.exe\"|navidad.exe)[\\\\s;]"
then 
  fail text "\tThis message has been rejected because it appears to\n\
             \tcontain the W32.Navidad worm. See:\n\
             \thttp://www.sarc.com/avcenter/venc/data/w32.navidad.html\n\
             \tfor details. Please contact postmaster@??? with\n\
             \tany questions."
  seen finish
endif


Tabor

-- 
--------------------------------------------------------------------
Tabor J. Wells                                     twells@???
Fsck It!                 Just another victim of the ambient morality