Re: [Exim] Blocking phony MS Security update emails

Author: Edgar Lovecraft
Date:  
To: exim-users
Subject: Re: [Exim] Blocking phony MS Security update emails
On Fri, 09 Jan 2004 15:19:31 Nigel Metheringham wrote:
>
> On Fri, 2004-01-09 at 15:05, Kevin Reed wrote:
> > # If the message contains SCR or PIF we want to Log this
> > deny    log_message = DENY: ATTACHMENT ($found_extension) for $acl_m3
> >         message = Message Denied due to Content of a Unacceptable Attachment type of ($found_extension) \n \
> >          Please use other means to send this type of file. \n \
> >          If you have questions please contact postmaster@$qualify_domain
> >         demime = scr:pif:exe:com:bat
> >         delay = 30s

>
> That acl requires the exiscan patch to work. It's also a remarkably
> short list of banned extensions :-)
>


--
Here is a much more complete list of extensions to block using the
exiscan acl patch. I run these before any virus scanning but after the
initial MIME error check; and yes, I do know that this may not help much
for those not using exiscan.
Just add this to the DATA acl:

#This is for extensions that even MS says are bad, reference this page
#   http://support.microsoft.com/default.aspx?scid=kb;EN-US;290497
deny  message = $found_extension files are not accepted here
      demime = ade : adp : asx : bas : bat : chm : cmd : com : cpl : crt \
             : exe : hlp : hta : inf : ins : isp : js : jse : lnk : mda \
             : mdb : mde : mdt : mdw : mdz : msi : msp : mst : ops : pcd \
             : pif : prf : reg : scf : scr : shb : shs : url : vb : vbe \
             : vbs : wsc : wsf : wsh : cnf : mad : maf : mag : mam : maq \
             : mar : mas : mat : mav : maw : xnk : mhtml : msc : sct


#This is for all of those CLSID extension hiding techniques
#   the regex is all one line, so be careful about cut and paste
deny  message = $found_extension files are not accepted here
      regex   = ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$


--EAL--
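
The two rules from the message above, as an added example that is not part of the original post or of Exim/exiscan: a Python harness for checking what the extension list and the filename regex flag before deploying them. The function names and sample messages are constructed for illustration, and it assumes the regex is applied line by line to unfolded headers, with Python's `email` parser standing in for exiscan's MIME decoder.

```python
import re
from email import message_from_string

# Extension list copied from the demime rule in the post.
BLOCKED = set("""ade adp asx bas bat chm cmd com cpl crt exe hlp hta inf ins
isp js jse lnk mda mdb mde mdt mdw mdz msi msp mst ops pcd pif prf reg scf scr
shb shs url vb vbe vbs wsc wsf wsh cnf mad maf mag mam maq mar mas mat mav maw
xnk mhtml msc sct""".split())

# The post's regex as it reads after Exim string expansion
# (\\s -> \s, :: -> :, \$ -> $). The inline (?i) is passed as a flag instead.
HIDING = re.compile(
    r'^Content-Disposition:(.*?)filename=\s*"+'
    r'((\{[a-hA-H0-9-]{25,}\})|((.*?)\s{10,}(.*?)))"+$',
    re.IGNORECASE)

def check(raw):
    """Return (rule, detail) findings for one raw message (hypothetical helper)."""
    findings = []
    # Rule 1: attachment extension on the block list.
    # Lower-casing the extension is this example's choice.
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and "." in name:
            ext = name.rsplit(".", 1)[1].strip().lower()
            if ext in BLOCKED:
                findings.append(("extension", ext))
    # Rule 2: brace-wrapped CLSID-style filename, or a filename padded
    # with ten or more whitespace characters.
    for line in raw.splitlines():
        if HIDING.search(line):
            findings.append(("hiding", line.strip()))
    return findings

def sample(quoted_name):
    """Build a constructed single-attachment test message (not real mail)."""
    return ("MIME-Version: 1.0\n"
            'Content-Type: multipart/mixed; boundary="b"\n\n'
            "--b\nContent-Type: application/octet-stream\n"
            f"Content-Disposition: attachment; filename={quoted_name}\n\n"
            "x\n--b--\n")

if __name__ == "__main__":
    for fn in ('"report.pdf"', '"update.EXE"',
               '"{00000000-0000-0000-0000-000000000000}"',
               '"notes.txt' + " " * 12 + '.scr"'):
        print(repr(fn), "->", [rule for rule, _ in check(sample(fn))])
```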