I'm use migrate system_filter->eximscan with exim. Have sujjestions for a simpe
transform? I' transform fourth expression in "demime = exe:com...". And other??
Have any sujestions????
In my expressions have:
1) Script embebed Outlook:
--------------
if $message_body matches "(?ixm-s)\
(?:SCRIPT)(?:[^\"=>]*language=)?(?:3D)?\
([^\">]* \
(?:Encode) \
[^\">]*)"
then
fail text "Script : $1 "
seen finish
endif
-------------------
2) Link to executables <A href=...>
if $message_body matches "(?ixm-s)\
(?:(?:<[^>=]*)(?:href|src)(?:\\\\s*=)(?:3D)?)?\
((?:\"?)\
(?:(?:http[s]?|ftp)://[^\"\? ]+/)\
(?:[^\"\?. ]+(?:\\\\.|2E))+\
(?:ad[ep]|asd|ba[st]|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|in[fs]|isp|jse?|\
jar|lnk|md[bez]|ms[cipt]|ole|ocx|pcd|pif|reg|sc[rt]|sh[sb]|sys|url|vb[es]?|vxd|ws[cfh]|cab)\
(?:[?][=])?(?:\"?)\\\\s)"
then
fail text "HREF exec : $1 "
seen finish
endif
---------------------
3) Spyware IMAGES
if $message_body matches "(?ixm-s)\
(?:src=)(?:3D)?\
((?:\"?)\
(?:(?:http[s]?|ftp)://[^\"\? ]+/)\
(?:[^\">])*(?:[?=+,])(?:[^\">])*\
(?:\"?))(?:[^>]*>)"
then
fail text "IMG SRC Spy : $1 "
seen finish
endif
----------------------
4) Executables with, and without quotes or correct headers
if $message_body matches "(?ixm-s)(?:name=)(?:3D)?\
((?:\"?)\
(?:[^\".]+(?:[.]|2E))+\
(?:ad[ep]|asd|ba[st]|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|in[fs]|isp|jse?|\
jar|lnk|md[bez]|ms[cipt]|ole|ocx|pcd|pif|reg|sc[rt]|sh[sb]|sys|url|vb[es]?|vxd|ws[cfh]|cab)\
(?:[?][=])?(?:\"?[\\\\s;]))"
then
fail text "EXEC file : $1 "
seen finish
endif
-----------------------
Cordialmente, Silmar A. Marca
GrupoGSN - Desenvolvimento, Implantação e Verificação de Servidores
Profissionais baseados em Linux/Novell
http://www.grupogsn.com.br/~marca/
------------------------------------------------------------
Se algo não lhe faz mal (fisico, moral ou psicologicamente),
experimente! O máximo e você perder tempo! E tempo, e
o que você tem a vida toda pra perder.....
Mais vale um instante de prazer que uma eternidade fútil!
------------------------------------------------------------