[Exim] Virus Expressions...

Author: Silmar A. Marca
Date:  
To: exim-users
Subject: [Exim] Virus Expressions...
I'm migrating system_filter->eximscan with Exim. Are there suggestions for a simple
transformation? I transformed the fourth expression into "demime = exe:com...". And the others??
Any suggestions????
My expressions are:

1) Script embedded in Outlook:
--------------
if $message_body matches "(?ixm-s)\
        (?:SCRIPT)(?:[^\"=>]*language=)?(?:3D)?\
                ([^\">]* \
                 (?:Encode) \
                [^\">]*)"
then
  fail text "Script : $1 "
  seen finish
endif
-------------------
2) Link to executables <A href=...>
if $message_body matches "(?ixm-s)\
        (?:(?:<[^>=]*)(?:href|src)(?:\\\\s*=)(?:3D)?)?\
        ((?:\"?)\
         (?:(?:http[s]?|ftp)://[^\"\? ]+/)\
         (?:[^\"\?. ]+(?:\\\\.|2E))+\
         (?:ad[ep]|asd|ba[st]|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|in[fs]|isp|jse?|\
          jar|lnk|md[bez]|ms[cipt]|ole|ocx|pcd|pif|reg|sc[rt]|sh[sb]|sys|url|vb[es]?|vxd|ws[cfh]|cab)\
        (?:[?][=])?(?:\"?)\\\\s)"
then
  fail text "HREF exec : $1 "
  seen finish
endif
---------------------
3) Spyware IMAGES
if $message_body matches "(?ixm-s)\
        (?:src=)(?:3D)?\
        ((?:\"?)\
         (?:(?:http[s]?|ftp)://[^\"\? ]+/)\
         (?:[^\">])*(?:[?=+,])(?:[^\">])*\
        (?:\"?))(?:[^>]*>)"
then
  fail text "IMG SRC Spy : $1 "
  seen finish
endif
----------------------
4) Executables with, and without quotes or correct headers
if $message_body matches "(?ixm-s)(?:name=)(?:3D)?\
        ((?:\"?)\
         (?:[^\".]+(?:[.]|2E))+\
         (?:ad[ep]|asd|ba[st]|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|in[fs]|isp|jse?|\
          jar|lnk|md[bez]|ms[cipt]|ole|ocx|pcd|pif|reg|sc[rt]|sh[sb]|sys|url|vb[es]?|vxd|ws[cfh]|cab)\
        (?:[?][=])?(?:\"?[\\\\s;]))"
then
  fail text "EXEC file : $1 "
  seen finish
endif
-----------------------


Regards, Silmar A. Marca
GrupoGSN - Development, Deployment and Verification of
Professional Servers based on Linux/Novell
http://www.grupogsn.com.br/~marca/
------------------------------------------------------------
If something does you no harm (physically, morally or psychologically),
try it! At worst you lose time! And time is
what you have your whole life to lose.....
A moment of pleasure is worth more than a futile eternity!
------------------------------------------------------------
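
An added example (not part of the original post and not Exim code): expression 4 ported to Python and run over constructed message-body fragments, to show what the rule captures before it is replaced by a MIME-aware check. It assumes the post's `\\\\s` reaches the regex engine as `\s` once Exim's quoting is processed; `rule4_capture` and the sample lines are hypothetical.

```python
import re

# Extension list copied from expressions 2 and 4 in the post.
EXTS = (r"ad[ep]|asd|ba[st]|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|in[fs]|isp|jse?|"
        r"jar|lnk|md[bez]|ms[cipt]|ole|ocx|pcd|pif|reg|sc[rt]|sh[sb]|sys|url|"
        r"vb[es]?|vxd|ws[cfh]|cab")

# Expression 4 with the Exim quoting layer removed (assumption: \" -> " and
# \\\\s -> \s). The post's inline (?ixm-s) flags become re flags; DOTALL stays off.
RULE4 = re.compile(r"""
    (?:name=)(?:3D)?             # "3D" is a quoted-printable "="
    ((?:"?)
     (?:[^".]+(?:[.]|2E))+       # dotted name parts; "2E" is a QP-encoded "."
     (?:%s)                      # blocked extension
     (?:[?][=])?(?:"?[\s;]))     # optional "?=", optional quote, then space or ";"
""" % EXTS, re.I | re.X | re.M)


def rule4_capture(body):
    """Return what rule 4 would put in $1 (whitespace-trimmed), or None."""
    m = RULE4.search(body)
    return m.group(1).strip() if m else None


# Constructed fragments as they could appear inside $message_body.
SAMPLES = {
    "quoted":   'Content-Type: application/octet-stream; name="invoice.pdf.exe"\n',
    "unquoted": 'Content-Disposition: attachment; filename=update.scr\n',
    "qp":       'Content-Type: application/x-msdownload; name=3D"setup=2Eexe"\n',
    "benign":   'Content-Type: application/pdf; name="report.pdf"\n',
    "prose":    'Please set hostname=mail.example.com in your client.\n',
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label:9} -> {rule4_capture(text)!r}")
```

The `prose` sample matches because the rule scans raw body text for `name=`, so `hostname=mail.example.com` is reported as an executable attachment.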