On Wed, 3 Mar 2004, Ron McKeating wrote:
| What I want to do is have a simple way of detecting and failing any
| password encrypted zip files.
Could put this in your DATA ACL (sorry for long line):
deny message = Encrypted zip attachments are not allowed
condition = ${if match{$message_body:}{ UEsDB....[Q-Za-fw-z0-9\+/]}{yes}{no}}
This should recognise encrypted zip attachments from the Base64 encoding.
Remember, the two spaces match the blankline+newline.
My derivation is below. I hope its right...
Cheers
Chris
----------------------------------------------------------------------------
http://www.idcnet.us/zip/zip-format.txt
- The zip header has first four bytes hex = 50 4b 03 04
- The "encrypted" flag is first bit of the 7th byte
So, doing the maths:
Hex 50 4b 03 04 X X bit0set X
Binary 01010000 01001011 00000011 00000100 xxxxxxxx xxxxxxxx xxxxxxx1 xxxxxxxx
6bits: 010100 000100 101100 000011 000001 00xxxx xxxxxx xxxxxx xxxxxx x1xxxx
Dec: 20 4 44 3 1 0-15 . . . 16-31, 48-63
Base64 U E s D B A-P . . . Q-Za-fw-z0-9+/
Regexp: UEsDB....[Q-Za-fw-z0-9\+/]
--
Chris Edwards, Glasgow University Computing Service
