On Tue, Dec 26, 2000 at 06:34:18AM +1300,
Alex King <alex@???> is thought to have said:
> > In the body:
> > ...
> > Content-Type: application/x-msdos-program
> > Content-Disposition: attachment; filename="Navi......."
> > ...
> >
> > My guess is that the attachment is not matched because it appears in
> > the body with no mention of it in the headers, is this right? If so,
> > is there no way to fail certain attachments using header matching in
> > the system filter? How do I match text in the body?

See the generic windows executable content filter at
ftp://ftp.exim.org/pub/filter/ or
http://www.us.exim.org/system_filter.exim
for an example of how to do this for all exes. Personally I prefer to not
filter all .exe files and instead use the following:

if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"navidad.exe\"|navidad.exe)[\\\\s;]"
then
fail text "\tThis message has been rejected because it appears to\n\
\tcontain the W32.Navidad worm. See:\n\
\thttp://www.sarc.com/avcenter/venc/data/w32.navidad.html\n\
\tfor details. Please contact postmaster@??? with\n\
\tany questions."
seen finish
endif

Tabor
--
--------------------------------------------------------------------
Tabor J. Wells twells@???
Fsck It! Just another victim of the ambient morality
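
Added example (not part of the message above, nor Exim's own code): a Python harness that runs the filter's regular expression over constructed message bodies to show which attachment forms it catches. It assumes $message_body holds the first 500 characters of the body with newlines turned into spaces (Exim's default for message_body_visible); verdict, message_body and the sample bodies are hypothetical names.

```python
import re

# The pattern from the reply with the filter file's backslash quadrupling
# undone. Atomic groups (?>...) are written as plain \s* / \s+, which match
# the same text here and also run on Python older than 3.11.
PATTERN = re.compile(
    r'(?:Content-(?:Type:\s*[\w-]+/[\w-]+|Disposition:\s*attachment);'
    r'\s*(?:file)?name=|begin\s+[0-7]{3,4}\s+)'
    r'("navidad.exe"|navidad.exe)[\s;]',
    re.IGNORECASE,  # Exim's lower-case "matches" is case-independent
)
VISIBLE = 500  # assumed: Exim's default message_body_visible


def message_body(raw, visible=VISIBLE):
    """Model $message_body: leading `visible` chars, newlines/NULs as spaces."""
    return re.sub(r"[\r\n\0]", " ", raw[:visible])


def verdict(raw, visible=VISIBLE):
    """Return the captured file name if the filter would fail the message."""
    m = PATTERN.search(message_body(raw, visible))
    return m.group(1) if m else None


# Constructed sample bodies (not taken from real mail).
MIME_ATTACH = (
    "This is a multi-part message in MIME format.\n\n--b1\n"
    "Content-Type: text/plain\n\nSee attached.\n\n--b1\n"
    'Content-Type: application/x-msdos-program; name="NAVIDAD.EXE"\n'
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="NAVIDAD.EXE"\n\nAAAA\n--b1--\n'
)
UUENCODED = "Here it is.\n\nbegin 644 navidad.exe\nM0000\n`\nend\n"
PROSE_ONLY = "Do not open navidad.exe if it arrives; delete it.\n"
LATE_PART = "x" * 600 + "\n" + MIME_ATTACH  # part header past the window

if __name__ == "__main__":
    for name in ("MIME_ATTACH", "UUENCODED", "PROSE_ONLY", "LATE_PART"):
        print(f"{name:12} -> {verdict(globals()[name])!r}")
    print(f"{'LATE_PART':12} -> {verdict(LATE_PART, visible=2000)!r} (visible=2000)")
```

The LATE_PART case shows that the test only sees part headers inside the visible window of the body; raising message_body_visible widens it.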