> From: nb@???
> I'm receiving many spams my antivirus doesn't detect.
UNZIP = /usr/bin/unzip
UNRAR = /usr/local/bin/unrar
acl_smtp_mime = acl_check_mime
begin acl
acl_check_mime:
deny message = Windows-executable attachments forbidden
condition = ${if def:sender_host_address}
!authenticated = *
log_message = forbidden attachment: filename=$mime_filename, \
content-type=$mime_content_type, recipients=$recipients
condition = ${if or{\
{match{$mime_content_type}{(?i)executable}}\
{match{$mime_filename}{\N(?i)\.(exe|com|vbs|bat|\
pif|scr|hta|js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|vb)$\N}}\
}}
deny set acl_m_att = ${if match{$mime_filename}{\N(?i)\.(zip|rar)$\N}{$1}}
condition = ${if def:acl_m_att}
message = A .$acl_m_att attachment contains a Windows-executable file \
- blocked because we are afraid of new viruses \
not recognized [yet] by antiviruses.
condition = ${if def:sender_host_address}
!authenticated = *
decode = default
log_message = forbidden binary in attachment: filename=$mime_filename, \
recipients=$recipients
condition = ${if match{${run{${if eqi{$acl_m_att}{zip}\
{UNZIP -l}{UNRAR l}} $mime_decoded_filename}}}\
{\N(?i)\n .+\.(zip|rar|exe|com|vbs|bat|pif|scr|vb\
|js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|hta)\n\N}}
accept
