Hello everyone,
I currently see phishing mails with .zip mime extension that should get
filtered by a content filter but do not.
It is a cyrillic filename with .jpg.zip extension (Скан квитанции.jpg.zip):

--------------DAA7D016D126136E9026DA5F
Content-Type: application/zip;
 name="=?windows-1251?B?0erg7SDq4ujy4O326OguanBnLnppcA==?="
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="=?windows-1251?B?0erg7SDq4ujy4O326OguanBnLnppcA==?="

It does not get blocked by the filter below while that usually catches .zip:

deny
  condition = $acl_m_datamimefilter
  condition = ${if match \
    {${lc:$mime_filename}} \
    {\N(\.bat|\.btm|\.cmd|\.com|\.cpl|\.dll|\.exe|\.lnk|\.msi|\.pif|\.prf|\.reg|\.scr|\.vbs|\.url|\.zip|\.7z|\.jar|\.ace|\.docm|\.rar|\.cab|\.xlsx|\.xls|\.docx|\.doc)$\N} \
    {1}{0}}
  message = Blacklisted file extension detected in "$mime_filename".
  log_message = DENY: Blacklisted extension ("$mime_filename")

Also the demime that was in place earlier did not catch those:

drop message = This message contains an attachment of a type which we do not accept (.$found_extension)
     demime = bat:com:pif:prf:scr:vbs:exe:zip:doc:xls:docx:xlsx:cab:docm:rar:docm:ace:jar:7z
     condition = $acl_m_datamimefilter

Does anyone know why this filename is not being caught by the filters?
Best regards,
Franz Georg Köhler
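
Added example, not part of the original post: a Python check that runs an end-anchored extension pattern against the quoted filename parameter both as it appears on the wire (an RFC 2047 encoded-word) and after decoding. It assumes the filter is handed the still-encoded value, which the post does not confirm; the shortened extension list and the function names are illustrative.

```python
import re
from email.header import decode_header

# Shortened form of the extension list in the ACL above (illustrative subset).
BLOCKED = re.compile(r"(\.exe|\.scr|\.vbs|\.zip|\.7z|\.jar|\.rar|\.docm)$")

# Filename parameter copied from the MIME part quoted in the post.
RAW = "=?windows-1251?B?0erg7SDq4ujy4O326OguanBnLnppcA==?="


def decode_filename(value):
    """Decode RFC 2047 encoded-words in a filename parameter to text."""
    parts = []
    for chunk, charset in decode_header(value):
        if isinstance(chunk, bytes):
            # Undecodable bytes are replaced rather than raising, so a
            # malformed name still reaches the extension check.
            parts.append(chunk.decode(charset or "ascii", errors="replace"))
        else:
            parts.append(chunk)
    return "".join(parts)


def is_blocked(filename):
    """Same test as the ACL: lowercase, then match an extension at the end."""
    return BLOCKED.search(filename.lower()) is not None


def check(value):
    """Compare the verdict on the raw value with the verdict after decoding."""
    decoded = decode_filename(value)
    return {
        "raw_match": is_blocked(value),        # encoded-word ends in "?="
        "decoded": decoded,
        "decoded_match": is_blocked(decoded),  # real name ends in ".zip"
    }


if __name__ == "__main__":
    for key, val in check(RAW).items():
        print(f"{key}: {val}")
```

Inside an Exim ACL, the `${rfc2047d:...}` expansion operator performs this decoding on a string before it is matched.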