On Wed, 21 Feb 2007, James Price wrote:
> From: James Price <james@???>
> To: exim-users@???
> Date: Wed, 21 Feb 2007 22:17:33 -0600
> Subject: [exim] File extension filtering with smtp_mime_acl with Mysql
...
> The file extensions all have the period leading the suffix... ex:
> .bat
>
> Not sure how to 1, generate the list
Get it from Microsoft. Have a look at:
http://office.microsoft.com/en-us/ork2003/HA011402971033.aspx
> and 2 do the actual check within mime acl. I looked at the
> specifications and could not find anything even close to what I'm
> trying to do. I have a custom front end to my database for my
> customers to manage their individual settings and would like to
> add file extension blocking to their available functions...
Can't help you here. Note that you're going to see problems
if a single email is sent to two or more people with different
individual settings. What do you do? This problem crops up on
this list on a regular basis.
I've the deprecated demime function compiled into my copy of exim.
So I've the following in my exim configuration:
As part of my macro settings:
# A list of file extensions that may be harmful to the health &
# welfare of crippleware on Windows machines. This list of dubious
# file extensions was taken from:
#
#
http://www.microsoft.com/office/ork/2003/three/ch12/OutG07.htm
#
# DHD 12 October 2004
NASTIES1 = ade:adp:app:asp:bas:bat:cer:chm:cmd:com:cpl:crt
NASTIES2 = csh:exe:fxp:hlp:hta:inf:ins:isp:its:js:jse:ksh
NASTIES3 = lnk:mad:maf:mag:mam:maq:mar:mas:mat:mau:mav:maw
NASTIES4 = mda:mdb:mde:mdt:mdw:mdz:msc:msi:msp:mst:ops:pcd
NASTIES5 = pif:prf:prg:pst:reg:scf:scr:sct:shb:shs:tmp:url
NASTIES6 = vb:vbe:vbs:vsmacros:vss:vst:vsw:ws:wsc:wsf:wsh
NASTYGRAMS = NASTIES1:NASTIES2:NASTIES3:NASTIES4:NASTIES5:NASTIES6
and in the acl_smtp_data ACL, but commented out as I don't
use it:
# Activate the following to reject email containing attachments
# with dodgy extensions. You possibly don't want to run this and
# the virus checking. Or at least run this with just the most
# common dodgy extensions (vbs:com:bat:pif:scr:lnk etc) before the
# full virus checking.
#deny message = Found blacklisted file attachment ($found_extension)
# log_message = exiscan-acl: rejected file attachment ($found_extension)
# demime = NASTYGRAMS
Note the above code doesn't take account of email sent to two or
more people with different individual settings.
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@??? Phone: +44 1225 386101
