I need help converting my system_filter to regex_mime expressions. All
expressions RUN OK and are tested on my client servers. I am converting them for use in
"acl_smtp_mime" and "acl_smtp_data"...
The ACLs are:
1) Block URLs to executables (exe, com, pif etc...)
2) Block IMG SRC with a cgi query, used to validate the email of users (Spyware Images:
img src=....?=idofuser=UID)
3) Block Script.ENCODE binary deny
4) Block Embedded Objects in Mail
-------------------------------------------------------------
#1) Virus of the link-to-executables type
if $message_body matches "(?ixm-s)\
(?:(?:<[^>=]*)(?:href|src)(?:\\\\s*=)(?:3D)?)?\
((?:\"?)\
(?:(?:http[s]?|ftp)://[^\"\? ]+/)\
(?:[^\"\?. ]+(?:\\\\.|2E))+\
(?:ad[ep]|asd|ba[st]|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|in[fs]|isp|jse?|\
jar|lnk|md[bez]|ms[cipt]|ole|ocx|pcd|pif|reg|sc[rt]|sh[sb]|sys|url|vb[es]?|vxd|ws[cfh]|cab)\
(?:[?][=])?(?:\"?)\\\\s(?:<[^<]*)?)"
then
fail text "This message contains an unwanted link for binary file\n\
Link: $1"
seen finish
endif
#2) Email test through image SRC
if $message_body matches "(?ixm-s)\
(?:src=)(?:3D)?\
((?:\"?)\
(?:(?:http[s]?|ftp)://[^\"\? ]+/)\
(?:[^\">])*(?:[?&])(?:[^\">])*\
(?:\"?))(?:[^>]*>)"
then
fail text "This message contains an unwanted link for embebbed cgi\n\
Src: $1"
seen finish
endif
#3) Virus of the OUTLOOK signature type
if $message_body matches "(?ixm-s)\
(?:SCRIPT)(?:[^\"=>]*language=)?(?:3D)?\
([^\">]* \
(?:Encode) \
[^\">]*)"
then
fail text "This message contains an unwanted script encode\n\
Script: $1"
seen finish
endif
#4) Linked objects
if $message_body matches "(?ixm-s)\
(?:OBJECT)\
(.*)\
(?:[>].*[<].*)(?:OBJECT)"
then
fail text "This message contains an unwanted link for embebbed object\n\
Obj: $1"
seen finish
endif
-------------------------------------------------------------
Regards, Silmar A. Marca
GrupoGSN - Development, Deployment and Verification of
Professional Servers based on Linux/Novell
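
A small regression harness for rules 1 and 2, added here as an example and not part of the original post: it ports the two patterns to Python's `re` module and runs them over constructed sample bodies, including quoted-printable (`=3D`, `=2E`) forms, so a conversion can be checked before it goes into an ACL. It assumes Exim's string processing reduces `\\\\s` to `\s` and `\"` to `"`; the rule names, `scan` and the `example.test` hosts are hypothetical.

```python
import re

FLAGS = re.I | re.X | re.M  # the post's (?ixm-s): "." does not match newline

# Rules 1 and 2 from the post, ported to Python's re (not Exim's PCRE).
# Assumption: Exim's quoted-string and expansion passes turn "\\\\s" into \s,
# "\\\\." into \. and \" into a plain double quote before the regex is compiled.
EXT = (r"ad[ep]|asd|ba[st]|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|in[fs]|isp|jse?|"
       r"jar|lnk|md[bez]|ms[cipt]|ole|ocx|pcd|pif|reg|sc[rt]|sh[sb]|sys|url|"
       r"vb[es]?|vxd|ws[cfh]|cab")

RULES = {  # rule names are hypothetical labels for this harness
    "executable-link": re.compile(r"""
        (?:(?:<[^>=]*)(?:href|src)(?:\s*=)(?:3D)?)?
        ((?:"?)
        (?:(?:http[s]?|ftp)://[^"? ]+/)
        (?:[^"?. ]+(?:\.|2E))+
        (?:%s)
        (?:[?][=])?(?:"?)\s(?:<[^<]*)?)""" % EXT, FLAGS),
    "image-with-query": re.compile(r"""
        (?:src=)(?:3D)?
        ((?:"?)
        (?:(?:http[s]?|ftp)://[^"? ]+/)
        (?:[^">])*(?:[?&])(?:[^">])*
        (?:"?))(?:[^>]*>)""", FLAGS),
}

def scan(body):
    """Return {rule name: captured text} for every rule that matches body."""
    hits = {}
    for name, rx in RULES.items():
        m = rx.search(body)
        if m:
            hits[name] = m.group(1).strip()
    return hits

# Constructed sample bodies; the hostnames are placeholders.
SAMPLES = {
    "plain link": "Get http://files.example.test/dl/update.exe today",
    "qp link": '<a href=3D"http://files.example.test/dl/update=2Eexe" id=3Dx>',
    "tracking image": '<img src=3D"http://t.example.test/p/o.gif?uid=3D42">',
    "static image": '<img src="http://static.example.test/img/logo.gif" alt="">',
    "doc link": "See http://docs.example.test/guide/index.html for details",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:15} -> {scan(body) or 'no rule matched'}")
```

Python's `re` is close to, but not the same engine as, the PCRE library Exim uses, so a pattern that passes here should still be confirmed against the running server.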