Re: [exim] How to block the mails which contain .exe inside …

Góra strony
Delete this message
Reply to this message
Autor: Anant
Data:  
Dla: exim-users
Temat: Re: [exim] How to block the mails which contain .exe inside a zip file
Thanks Duane,

I have installed Clamav in my server still i am not able to stop the
mails containing .exe file inside the zip file using Clamav. Basically i
have tested it with a setup .exe file which is not a virus. and exim is
even not stopping it...

I have got one more method to do the same from a post, and it is working
for me.

Put these lines in exim.conf

*deny    log_message = DENY: ZIP with Binary Attachment found**
**        message = DENY: We don't allow Binary files in Zip files \n \**
**          If you have questions please contact at 09282192727**
**        demime = zip**
**        condition = ${run\**
**                  {/etc/exim/check_zip $message_id}\**
**                  {0}{1}}*


create a script at /etc/exim/check_zip

*#!/usr/bin/ksh**
**###############################################################**
**# Locates an zip file and looks for extensions that end in**
**# .exe .pif .com .cmd and .bat**
**###############################################################**
**# Location of files**
**###############################################################**
**SCANDIR='/var/spool/exim/scan/'**
**UNZIP='/usr/bin/unzip'**
**###############################################################**
**cd ${SCANDIR}/$1**
**for i in `ls | egrep -i *.zip`**
**do**
**if [ `$UNZIP -l $i | egrep -i '(.exe$|.com$|.cmd$|.pif$|.bat$)' | wc -l`**
**-gt 0 ];**
**then**
**exit 1**
**fi**
**done**
**exit 0*

But I will really Appreciate if some one can do that with Clamav.

Heartly thanks to Duane for help.. :)


Regards,
Anant

On Monday 13 January 2014 11:08 PM, Duane Hill wrote:
> Monday, January 13, 2014, 4:52:01 PM, you wrote:
>
>> Hello Guys,
>> I am new to exim. I want to block all the mails containing
>> .exe(attachment) So for that i used that in my exim file
>> acl_check_mime:
>>     # File extension filtering.
>>     deny message = Blacklisted file extension detected
>>          condition = ${if match \
>>                           {${lc:$mime_filename}} \

>>
>> {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
>>                        {1}{0}}
>> But now my problem is that many of user is sending .exe inside the .zip
>> file, Please Guide me how can i block that mails. Any help is appriciated.
> If  1)  you scan and reject with ClamAV, and 2) strictly use ClamAV on
> the  email  server  for  scanning  email  messages,  you  can set up a
> ClamAV  signature  to  detect executables from within archives. ClamAV
> also has a config option to block password/encrypted archives.

>