Hello everyone,
I currently see fishing mails with .zip mime extension that should get
filtered by a content filter but do not.
Is is a cyrillic filename with .jpg.zip extension (Скан квитанции.jpg.zip):
--------------DAA7D016D126136E9026DA5F
Content-Type: application/zip;
name="=?windows-1251?B?0erg7SDq4ujy4O326OguanBnLnppcA==?="
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="=?windows-1251?B?0erg7SDq4ujy4O326OguanBnLnppcA==?="
It does not get blocked by the filter below while that usually catches .zip:
deny
condition = $acl_m_datamimefilter
condition = ${if match \
{${lc:$mime_filename}} \
{\N(\.bat|\.btm|\.cmd|\.com|\.cpl|\.dll|\.exe|\.lnk|\.msi|\.pif|\.prf|\.reg|\.scr|\.vbs|\.url|\.zip|\.7z|\.jar|\.ace|\.docm|\.rar|\.cab|\.xlsx|\.xls|\.docx|\.doc)$\N}
\
{1}{0}}
message = Blacklisted file extension detected in "$mime_filename".
log_message = DENY: Blacklisted extension ("$mime_filename")
Also the demime that was in place earlier did not catch those:
drop message = This message contains an attachment of a type which we
do not accept (.$found_extension)
demime =
bat:com:pif:prf:scr:vbs:exe:zip:doc:xls:docx:xlsx:cab:docm:rar:docm:ace:jar:7z
condition = $acl_m_datamimefilter
Does anyone know why this filename is not being catched by the filters?
Best regards,
Franz Georg Köhler
:%0A>%20%0A>%20%0A>%20%0A>%20%0A>%20It%20does%20not%20get%20blocked%20by%20the%20filter%20below%20while%20that%20usually%20catches%20.zip:%0A>%20%0A>%20%20%0A>%20%0A>%20%0A>%20%0A>%20Also%20the%20demime%20that%20was%20in%20place%20earlier%20did%20not%20catch%20those:%0A>%20%0A>%20%0A>%20%0A>%20Does%20anyone%20know%20why%20this%20filename%20is%20not%20being%20catched%20by%20the%20filters?%0A>%20%0A>%20%0A>%20%0A>%20Best%20regards,%0A>%20%0A>%20Franz%20Georg%20K%C3%B6hler%0A>%20%0A>%20%0A>%20%0A>%20 "Vastaa")
