The following is a simple ksh script along with a rule that I used
to block exe, pif, com, cmd and bat files that arrive in zip
files. This could be extended of course.. but these were my
primary extensions I wanted to block.
It requires Exiscan-ACL but not the Beta version.
I tested this with Exim 4.30 Exiscan-ACL-14
Andrew D said:
> Kevin Reed said:
>> Eli said:
> -snip--
>>
>> Okay... I've got a ksh script that when I run it separately works
>> great... It gets the right directory, finds the right zip file(s) and
>> checks them the way I want them to.
>
> I don't spose you could give us a squizz at it :)
#!/usr/bin/ksh
###############################################################
# Locates a zip file and looks for extensions that end in
# .exe .pif .com .cmd and .bat
###############################################################
# Location of files
###############################################################
SCANDIR='/usr/spool/exim/scan'
UNZIP='/usr/local/bin/unzip'
###############################################################
# $1 is the message id; fail closed if its scan directory is missing
cd "${SCANDIR}/$1" || exit 1
for i in *
do
    # Only look at files named *.zip (any case)
    case "$i" in
        *.[Zz][Ii][Pp]) ;;
        *) continue ;;
    esac
    # Count listed members whose names end in a blocked extension
    if [ "$("$UNZIP" -l "$i" | egrep -ic '\.(exe|com|cmd|pif|bat)$')" -gt 0 ]
    then
        exit 1
    fi
done
exit 0
>>
>> If it is successful (no file that is not allowed) it uses exit 0,
>> otherwise it uses exit 1.
I've used the following rule:
deny log_message = DENY: ZIP with Binary Attachment found
     message = DENY: We don't allow Binary files in Zip files \n \
               If you have questions please contact postmaster@$qualify_domain
     demime = zip
     condition = ${run\
                 {/usr/local/exim/bin/check_zip $message_id}\
                 {0}{1}}
I don't get a chance to do much shell scripting nowadays and would welcome
improvements... but this seems to work pretty good.
I need to change the notices in them as it really doesn't properly say
what is being blocked but it works for now.
Thanks to Eli last night for giving some good hints on what needed to be
done.
--
Kevin W. Reed - TNET Services, Inc.
Unofficial Exim MTA Info Forums -
http://exim.got-there.com/forums
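
Added example (not part of the original post): the extension test on `unzip -l` output, run over a constructed listing. It compares a pattern whose dots are unescaped with an awk check that isolates the member name and escapes the dot, and it prints the offending names so they could be put in the rejection notice. The function names and the sample listing are made up for illustration, and the Info-ZIP column layout (size, date, time, name) is assumed.

```shell
#!/bin/sh
# Added example; function names and the listing below are constructed.

# Constructed sample of Info-ZIP "unzip -l" output.
sample_listing() {
cat <<'EOF'
Archive:  sample.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
     1024  2004-02-10 09:15   notes.txt
    20480  2004-02-10 09:15   Setup.EXE
      512  2004-02-10 09:15   docs/annexe
     2048  2004-02-10 09:15   my photo.pif
---------                     -------
    24064                     4 files
EOF
}

# Count listing lines matched when the dots are left unescaped:
# "." matches any character, so "docs/annexe" is counted as well.
loose_count() {
    grep -Eic '(.exe$|.com$|.cmd$|.pif$|.bat$)'
}

# Print the names of members that really end in a blocked extension.
# Member rows are assumed to look like: <size> <date> <HH:MM> <name...>
blocked_members() {
    awk '
        $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9][0-9]:[0-9][0-9]$/ {
            name = $0
            # Strip the size, date and time columns; names may hold spaces.
            sub(/^ *[0-9]+ +[^ ]+ +[0-9][0-9]:[0-9][0-9] +/, "", name)
            if (tolower(name) ~ /\.(exe|com|cmd|pif|bat)$/) print name
        }'
}

echo "loose pattern matched: $(sample_listing | loose_count) lines"
echo "blocked members:"
sample_listing | blocked_members
```

Both functions read a listing on standard input, so real output can be piped in with `unzip -l file.zip | blocked_members`.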