RE: [Exim] Bombarded by pif attachments

Top Page
Delete this message
Reply to this message
Author: Segree, Gareth
Date:  
To: 'Jez Hancock'
CC: 'exim-users@exim.org'
Subject: RE: [Exim] Bombarded by pif attachments
>deny message = This message contains an unwanted file extension \
>                  ($found_extension)
>  demime          = pif:exe:com:scr:vbs

What I have done was put this in the system-filter.
Doesn't this have the same effect.

/etc/mail/system-filter

if $header_content-type: matches
"(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hl
p|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]
|ws[fhc])\")"
then
   fail text "This message has been rejected because it has\n\
              potentially executable content $1\n\
              This form of attachment has been used by\n\
              recent viruses or other malware.\n\
              If you meant to send this file then please\n\
              package it up as a zip file and resend it."
   seen finish
Endif



-----Original Message-----
From: Jez Hancock [mailto:jez.hancock@munk.nu]
Sent: Wednesday, September 03, 2003 4:33 PM
To: 'exim-users@???'
Subject: Re: [Exim] Bombarded by pif attachments


On Wed, Sep 03, 2003 at 03:47:22PM -0500, Segree, Gareth wrote:
> I have been bombarded with pif attachments over the past week. How can
> I do the following
> 1) tell exim not to launch spam assassin for mails > than a certail
> size

Add a condition:
    condition = ${if <{$message_size}{80k}{1}{0}}
before the part that launches SA.


> 2) delete mails with pif/exe/com/scr/vbs attachments

Add this to your acl_smtp_data acl to deny messages with those
attachments:

deny    message   = This message contains an unwanted file extension \
                  ($found_extension)
  demime          = pif:exe:com:scr:vbs


You might want to add 'bat:lnk' to the end of the list as well - someone
posted a comprehensive list on here a few weeks ago.

--
Jez

http://www.munk.nu/

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##