RE: [Exim] Bombarded by pif attachments

Author: Nigel Metheringham
Date:  
To: Segree, Gareth
CC: 'exim-users@exim.org'
Subject: RE: [Exim] Bombarded by pif attachments
On Thu, 2003-09-04 at 14:47, Segree, Gareth wrote:
> >deny    message   = This message contains an unwanted file extension \
> >                  ($found_extension)
> >  demime          = pif:exe:com:scr:vbs
> What I have done was put this in the system-filter.
> Doesn't this have the same effect?


Almost.

First with the system filter you are only looking at a (smallish) window
of the body.

Second parsing MIME with regular expressions, especially when the MIME
has been broken by someone (exim) doing strange line end replacements,
is fraught with failure (for example your RE doesn't get unquoted
filenames, and would break if there was any other legal spacing).

The system filter approach was originally written by me as a stop-gap to
solve a particular urgent problem - the love-bug virus. I never
intended it to become an overall content protection mechanism, and do
not use it myself any longer.

    Nigel.
--
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
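
The two failure modes described in the message above (a limited body window, and regex matching that misses unquoted filenames or legal spacing), shown as an added example that is not part of the original post. The regex is a hypothetical stand-in because the poster's own RE is not shown in the thread; the 500-character window and all message contents are constructed assumptions.

```python
import re
from email import message_from_string

BLOCKED = {"pif", "exe", "com", "scr", "vbs"}  # list from the quoted demime rule
WINDOW = 500  # assumed size of the body window a filter sees (illustrative)

# Hypothetical filter-style regex (the poster's own RE is not shown in the thread):
# expects a quoted filename with no whitespace around '='.
NAIVE_RE = re.compile(r'filename="[^"]*\.(?:pif|exe|com|scr|vbs)"', re.I)

def naive_match(raw, window=WINDOW):
    """Regex over only the first `window` characters of the body."""
    body = raw.split("\n\n", 1)[1]
    return bool(NAIVE_RE.search(body[:window]))

def parsed_match(raw):
    """Parse the MIME structure and check every part's declared filename."""
    hits = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and "." in name and name.rsplit(".", 1)[1].lower() in BLOCKED:
            hits.append(name)
    return hits

def make_msg(disposition, padding_lines=0):
    """Build a constructed two-part message; all values are sample data."""
    return (
        "From: a@example.invalid\nTo: b@example.invalid\n"
        "Subject: constructed sample\nMIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="XX"\n\n'
        "--XX\nContent-Type: text/plain\n\n"
        + ("x" * 70 + "\n") * padding_lines +
        "--XX\nContent-Type: application/octet-stream\n"
        f"Content-Disposition: {disposition}\n"
        "Content-Transfer-Encoding: base64\n\nAAAA\n--XX--\n"
    )

CASES = {
    "quoted": make_msg('attachment; filename="doc.pif"'),
    "unquoted": make_msg("attachment; filename=doc.pif"),
    "spaced": make_msg('attachment; filename = "doc.pif"'),
    "late": make_msg('attachment; filename="doc.pif"', padding_lines=30),
}

if __name__ == "__main__":
    for label, raw in CASES.items():
        print(f"{label:9} regex={naive_match(raw)!s:5} parser={parsed_match(raw)}")
```

Only the "quoted" case is caught by the regex; the MIME-aware check reports `doc.pif` in all four.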