Hello all,
In trying to block pif/bat/scr.. I've not been able to get this simpler
looking demime check to work.
# this just doesn't work :(
#deny message = This message contains an attachment of a type which we
do not accept. (.$found_extension)
# demime = bat:cmd:com:exe:hta:pif:prf:lnk:scr:shm:vbs:wcs:wsh
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
these are my acls
acl_check_data:
deny message = This message contains malformed MIME ($demime_reason).
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
require verify = header_syntax
require verify = header_sender
# this just doesn't work :(
deny message = This message contains an attachment of a type which we
do not accept. (.$found_extension)
demime = bat:cmd:com:exe:hta:pif:prf:lnk:scr:shm:vbs:wcs:wsh
# Reject virus infested messages.
deny message = This message contains malware ($malware_name)
demime = *
malware = *
(etc .. )
acl_check_mime:
# Decode MIME parts to disk. This will support virus scanners later.
warn decode = default
# this just doesn't work :(
#deny message = This message contains an attachment of a type which we
do not accept. (.$found_extension)
# demime = bat:cmd:com:exe:hta:pif:prf:lnk:scr:shm:vbs:wcs:wsh
# File extension filtering.
# This works
deny message = blocked file extension: [$mime_filename]
condition = ${if match {${lc:$mime_filename}} \
{\N(\.bat|\.cmd|\.com|\.exe|\.hta|\.pif|\.prf|\.lnk|\.scr|\.shm|\.vbs|\.wcs|\.wsh)$\N}
\
{1}{0}}
(etc.. )
In my logs I get messages from the acl_check_mime check which uses
(\.bat|\.pif\.scr) ..
I'd like to use bat:pif:scr ..
How do I do that?
