Re: [exim] blocking executable attachments

Top Page
Delete this message
Reply to this message
Author: oliver egginger
Date:  
To: exim-users
Subject: Re: [exim] blocking executable attachments
Try this:

# Macro
BAD_ATTACHMENTS = cmd|com|js|reg|chm|cnf|hta|ins|scf|sct|vbs|vbe|wsc|wsf|wsh|xnk|mad|maf|mag|mar|mas|mat|mav|maw|bat|pif|scr|exe

# MIME-ACL: File extension filtering.
deny   message  = This message contains a prohibited file extension (${extract{-1}{.}{${lc:$mime_filename}}})
            condition       = ${if match{${extract{-1}{.}{${lc:$mime_filename}}}}{\N^(BAD_ATTACHMENTS)$\N}{1}{0}}



- oliver      



On Wed, 20 Jul 2005 11:51:12 +0200
Peter Velan <pv0001@???> wrote:

> Exim version 4.52 #1 built 02-Jul-2005 06:14:22
> Support for: iconv() IPv6 PAM Perl GnuTLS Content_Scanning Old_Demime
>
> Hello,
>
> to prevent messages with "bad" attachments, I have the following in my
> config:
>
> ---
> deny message = Attachments of type ".$found_extension" not allowed
> demime = bat : cmd : com : exe : lnk : pif : scr
> logwrite = :main,reject: bad atachment ($found_extension).
> ---
>
> This works very well; now I would like to do it the "modern way", like:
>
> ---
> deny message = Attachments of type ".$found_extension" not allowed
> condition = ${if match \
> {${lc:$mime_filename}} \
> {\N\.(bat|cmd|com|exe|lnk|pif|scr)$\N} \
> {yes} {no} \
> }
> logwrite = :main,reject: bad atachment ($found_extension).
> ---
>
> The "modern way" doesn't works for me: messages with "bad" attachments
> are accepted now.
>
> What I'm doing wrong?
>
> Peter
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/