I'm having an issue with certain very annoying outside vendors sending pdf
files with javascript in them.  I need to put in exceptions for these
senders, so I figured now might be a good time to implement templates in
UserAttach.

I'd appreciate a quick review of my plan to make sure that I've got the
logic correct.  There's some nuance that I'm not sure I've got right, like
excepting MSOM from a rule that includes a template that includes exe\-bin.

Here's what I am doing now without templates.
In general, for all users, I want to block, in both directions:
exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm

and any of those extensions with a .zip on the end
and any zip file that contains any of those extensions
and any encrypted zip

This works fine with my current setup.  Individual exceptions are a pain,
since I need to edit them all any time I make an extension change.  (see
the john example below). Thomas saves the day with Templates and rules!!


The current non-template solution involves:
Level 1 as
exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm

Level 2 as
(exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm).zip

everyone is set to Level 2

In UserAttach I have:

# look in zips for these bad files too
# bin type removed to allow formatted excel with printer settings through
zip:* => block =>
exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm

# for al...@ourdomain.org and monitor@, special alert mailboxes, allow any
# type of file through
# also need to put them in noscan config so javascript isn't stripped
al...@ourdomain.org => good => .*
moni...@ourdomain.org => good => .*

# john gets MSOM exception to allow a bunch of annoying vendors to email
# attachments with them
j...@ourdomain.org => block =>
exe\-bin|:MSOM|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|xlsm|(exe\-bin|:MSOM|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|xlsm).zip

# anyone in the encr.ourdomain.org subdomain needs to be able to send
# encrypted zips
# * says anything in a zip, crypt-zip says encrypted okay
zip:*@encr.ourdomain.org => good-out => .*|crypt\-zip


I'm planning to replace the above UserAttach with:

# Template for all of our bad extensions
~StdBlockExts =>
exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm

# Rule that blocks bad extensions and zip files with the bad exts inside
~~StdBlockRule => block ~StdBlockExts|(~StdBlockExts).zip

# all users by default have the StdBlockRule applied
# this would be overridden by a longer user part of the definition
# longest userpart wins.  NO inheritance
*@* => ~~StdBlockRule

# for all users look inside zips for these bad files too
# bin type is here removed to allow formatted excel with printer settings
# through which are in bin files inside of zips
zip:* => block => ~StdBlockExts|--bin    <-- is that the right way to have
an exception for bin files inside of a zip?

# for al...@ourdomain.org and monitor@, special alert mailboxes, allow any
# type of file through
# also need to put them in noscan config so javascript isn't stripped
al...@ourdomain.org => good => .*
moni...@ourdomain.org => good => .*

# john gets MSOM exception to allow office macros through
j...@ourdomain.com => block => ~StdBlockExts|:MSOM    <-- adding an :MSOM
exception, correct syntax?

or could I do
j...@ourdomain.com => ~~StdBlockRule|:MSOM  <-- exception to a RULE?  does
that work?


# our users in the @encr.ourdomain.org subdomain need to be able to send
# encrypted zips
# * says anything in a zip,
# special definition crypt-zip says encrypted okay
zip:*@encr.ourdomain.org => good-out => .*|crypt\-zip

jspdfsen...@externaldomain.com => ~~StdBlockRule|:JSPDF    <-- does this
work??
 ??  would I need to set a good rule here or something instead?  I'm
worried that the *@* line, which I didn't have before trying the templates,
will still be matched for the recipient and still block jspdf
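
Added example (not part of the original post and not ASSP code): a Python check that compares the hand-copied extension lists in the non-template UserAttach rules above against the Level 1 list and reports any drift between them. It treats each list purely as `|`-separated tokens and assumes nothing about how ASSP evaluates them; the function names are hypothetical.

```python
import re

# Level 1 list, copied from the post.
STD = r"exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm"

# Rule bodies copied from the post with wrapped lines joined; keys are labels only.
RULES = {
    "zip:*": r"exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm",
    "j...@ourdomain.org": r"exe\-bin|:MSOM|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|xlsm|(exe\-bin|:MSOM|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|xlsm).zip",
}

def split_alternation(pattern):
    """Split on top-level '|' only, so a parenthesised group stays one token."""
    parts, depth, cur = [], 0, ""
    for ch in pattern:
        depth += (ch == "(") - (ch == ")")
        if ch == "|" and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur]

def plain_tokens(pattern):
    """Top-level tokens, leaving out any (...).zip group."""
    return {t for t in split_alternation(pattern) if not t.startswith("(")}

def zip_group_tokens(pattern):
    """Tokens inside a (...).zip group, or None when the rule has no such group."""
    for tok in split_alternation(pattern):
        m = re.fullmatch(r"\((.*)\)\.zip", tok)
        if m:
            return set(split_alternation(m.group(1)))
    return None

def drift(pattern, std=STD):
    """Return (missing, extra) tokens of a rule relative to the standard list."""
    base, have = plain_tokens(std), plain_tokens(pattern)
    return sorted(base - have), sorted(have - base)

def report():
    """Drift of every rule in RULES against the standard list."""
    return {name: drift(body) for name, body in RULES.items()}

if __name__ == "__main__":
    for name, (missing, extra) in report().items():
        print(f"{name}: missing={missing} extra={extra}")
```

On the lists as posted, this reports `bin` missing from the zip rule, and `docm` and `pptm` missing from john's rule with `:MSOM` as its only extra token.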