Re: [exim] File extension filtering with smtp_mime_acl with …

Author: Dennis Davis
Date:  
To: exim-users
Subject: Re: [exim] File extension filtering with smtp_mime_acl with Mysql
On Wed, 21 Feb 2007, James Price wrote:

> From: James Price <james@???>
> To: exim-users@???
> Date: Wed, 21 Feb 2007 22:17:33 -0600
> Subject: [exim] File extension filtering with smtp_mime_acl with Mysql


...

> The file extensions all have the period leading the suffix... ex:
> .bat
>
> Not sure how to 1, generate the list


Get it from Microsoft. Have a look at:

http://office.microsoft.com/en-us/ork2003/HA011402971033.aspx

> and 2 do the actual check within mime acl. I looked at the
> specifications and could not find anything even close to what I'm
> trying to do. I have a custom front end to my database for my
> customers to manage their individual settings and would like to
> add file extension blocking to their available functions...


Can't help you here. Note that you're going to see problems
if a single email is sent to two or more people with different
individual settings. What do you do? This problem crops up on
this list on a regular basis.

I've the deprecated demime function compiled into my copy of exim.
So I've the following in my exim configuration:

As part of my macro settings:

# A list of file extensions that may be harmful to the health &
# welfare of crippleware on Windows machines. This list of dubious
# file extensions was taken from:
#
# http://www.microsoft.com/office/ork/2003/three/ch12/OutG07.htm
#
# DHD 12 October 2004
NASTIES1 = ade:adp:app:asp:bas:bat:cer:chm:cmd:com:cpl:crt
NASTIES2 = csh:exe:fxp:hlp:hta:inf:ins:isp:its:js:jse:ksh
NASTIES3 = lnk:mad:maf:mag:mam:maq:mar:mas:mat:mau:mav:maw
NASTIES4 = mda:mdb:mde:mdt:mdw:mdz:msc:msi:msp:mst:ops:pcd
NASTIES5 = pif:prf:prg:pst:reg:scf:scr:sct:shb:shs:tmp:url
NASTIES6 = vb:vbe:vbs:vsmacros:vss:vst:vsw:ws:wsc:wsf:wsh
NASTYGRAMS = NASTIES1:NASTIES2:NASTIES3:NASTIES4:NASTIES5:NASTIES6

and in the acl_smtp_data ACL, but commented out as I don't
use it:

  # Activate the following to reject email containing attachments
  # with dodgy extensions.  You possibly don't want to run this and
  # the virus checking.  Or at least run this with just the most
  # common dodgy extensions (vbs:com:bat:pif:scr:lnk etc) before the
  # full virus checking.
  #deny    message = Found blacklisted file attachment ($found_extension)
  #        log_message = exiscan-acl: rejected file attachment ($found_extension)
  #        demime = NASTYGRAMS


Note the above code doesn't take account of email sent to two or
more people with different individual settings.
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@???               Phone: +44 1225 386101
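
The multi-recipient problem noted in the message above, as an added Python illustration (not part of the original post and not Exim code). SMTP gives one reply after DATA for the whole message, so recipients whose settings disagree cannot each get their own verdict. The addresses, per-recipient settings (standing in for MySQL rows) and sample message are constructed.

```python
from email import message_from_string

# Short subset of the NASTYGRAMS extension list from the message above.
NASTIES = "bat:com:exe:lnk:pif:scr:vbs".split(":")

# Constructed per-recipient settings, standing in for rows a MySQL
# lookup would return (addresses and contents are hypothetical).
BLOCKED = {
    "alice@example.org": set(NASTIES),
    "bob@example.org": {"exe", "scr"},
    "carol@example.org": set(),
}

# Constructed sample message carrying one .bat attachment.
SAMPLE = """\
From: sender@example.net
To: alice@example.org, bob@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/octet-stream; name="Setup.BAT"
Content-Disposition: attachment; filename="Setup.BAT"

echo hi
--b1--
"""

def attachment_extensions(raw):
    """Return the lower-cased final extension of every named MIME part."""
    exts = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and "." in name:
            exts.append(name.rsplit(".", 1)[1].strip().lower())
    return exts

def verdicts(raw, recipients):
    """Map each envelope recipient to the extensions their settings block."""
    found = set(attachment_extensions(raw))
    return {r: sorted(found & BLOCKED.get(r, set())) for r in recipients}

def is_conflict(per_rcpt):
    """True when recipients disagree, so no single DATA reply suits all."""
    return len({bool(v) for v in per_rcpt.values()}) > 1
```

For the sample message, alice's settings block the `.bat` part and bob's do not, so `is_conflict` reports a disagreement that one accept-or-deny decision cannot satisfy.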