Re: [exim] How to block the mails which contain .exe inside …

Author: Lena
Date:  
To: exim-users
Subject: Re: [exim] How to block the mails which contain .exe inside a zip file
> I want to block all the mails containing
> .exe (attachment). So for that I used that in my exim file:
>
> acl_check_mime:
>
>    # File extension filtering.
>    deny message = Blacklisted file extension detected
>         condition = ${if match \
>                          {${lc:$mime_filename}} \
>                          {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \
>                       {1}{0}}

>
> But now my problem is that many users are sending .exe inside the .zip
> file. Please guide me how I can block those mails.


The path /usr/local/bin/unzip is for FreeBSD:

acl_smtp_mime = acl_check_mime
begin acl
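acl_check_mime:
  # Unauthenticated remote senders only: decode each .zip attachment, list it
  # with unzip -l and deny if any listed name ends in a blocked extension.
  deny message = A .zip attachment contains a Windows-executable file - \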
                 blocked because we are afraid of new viruses \
                 not recognized [yet] by antiviruses.
       condition = ${if match{$mime_filename}{\N(?i)\.zip$\N}}
       condition = ${if def:sender_host_address}
       !authenticated = *
       decode = default
       log_message = forbidden binary in attachment: filename=$mime_filename, \
                     recipients=$recipients
       condition = ${if match{${run{/usr/local/bin/unzip -l \
                                    $mime_decoded_filename}}}\
                             {\N(?i)\.(exe|com|vbs|bat|pif|scr|hta|js\
           |cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|vb)\n\N}}


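  # Unauthenticated remote senders only: deny an attachment whose own filename
  # has a blocked extension or whose MIME content type contains "executable".
  deny message = Windows-executable attachments forbidden because we are \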
                 afraid of new viruses not recognized [yet] by antiviruses.
       condition = ${if def:sender_host_address}
       !authenticated = *
       log_message = forbidden attachment: filename=$mime_filename, \
                     content-type=$mime_content_type, recipients=$recipients
       condition = ${if or{\
                           {match{$mime_content_type}{(?i)executable}}\
                           {match{$mime_filename}{\N(?i)\.(exe|com|vbs|bat|pif\
    |scr|hta|js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|vb)$\N}}\
                          }}


  accept
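
The same extension check as an offline test harness, added here and not part of the original message or of Exim: it reads member names from the zip directory, as unzip -l does, and goes beyond the ACL by also opening nested .zip members. The function names, MAX_DEPTH and MAX_MEMBER_BYTES are assumptions, and the sample archive is constructed.

```python
import io
import re
import zipfile
import zlib

# Same extension list as the ACL above. The ACL anchors on "\n" because it
# matches whole `unzip -l` output; here each member name is matched alone.
BLOCKED = re.compile(
    r"\.(exe|com|vbs|bat|pif|scr|hta|js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll"
    r"|sys|btm|dat|msi|prf|vb)$", re.IGNORECASE)
MAX_DEPTH = 3                 # assumption: nested .zip levels that get opened
MAX_MEMBER_BYTES = 10 << 20   # assumption: declared-size cap for inner zips


def blocked_members(data, depth=0, prefix=""):
    """Return paths of blocked members; anything unreadable is reported too."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [prefix + "<unreadable>"]
    hits = []
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if BLOCKED.search(info.filename):
                hits.append(path)
                continue
            if not info.filename.lower().endswith(".zip"):
                continue
            if depth >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                hits.append(path + "/<not inspected>")  # fail closed
                continue
            try:
                hits += blocked_members(zf.read(info), depth + 1, path + "/")
            except (zipfile.BadZipFile, RuntimeError, zlib.error):
                hits.append(path + "/<not inspected>")  # encrypted or corrupt
    return hits


def make_zip(members):
    """Build a zip in memory from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    inner = make_zip({"Setup.EXE": b"MZ constructed sample"})
    print(blocked_members(make_zip({"readme.txt": b"hi", "more.zip": inner})))
```

A non-empty result corresponds to the case where the first deny statement would fire; the "<not inspected>" and "<unreadable>" entries mark archives the checker could not look into.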