>zip:*@encr.ourdomain.org => good-out => .*|crypt\-zip 

yes


>
exe\-bin|:MSOM|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|xlsm|(exe\-bin|:MSOM|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|xlsm).zip


- :MSOM should be defined only one time
- (....).zip makes IMHO no sense - but if used, it should be defined as 
(...)\.zip

same here
~~StdBlockRule => block ~StdBlockExts|(~StdBlockExts).zip
~~StdBlockRule => block ~StdBlockExts|(~StdBlockExts)\.zip

notice: brackets used with templates will not work in the current build! - 
the next release will support this
notice: a bug in the current version causes errors, if uppercase letters 
are used in the template or rule names - the next release will fix this

>zip:* => block => ~StdBlockExts|--bin    <-- is that the right way to 
have an exception for bin files inside of a zip?

yes

j...@ourdomain.com => block => ~StdBlockExts|:MSOM    <-- adding an :MSOM 
exception, correct syntax?

yes

>j...@ourdomain.com => ~~StdBlockRule|:MSOM  <-- exception to a RULE?  
does that work?

no, the definition where :MSOM should be used is missing

j...@ourdomain.com => ~~StdBlockRule|block => :MSOM would be right

>zip:*@encr.ourdomain.org => good-out => .*|crypt\-zip    

yes

>jspdfsen...@externaldomain.com => ~~StdBlockRule|:JSPDF    <-- does this 
work??

no - see above

> ??  would I need to set a good rule here or something instead?  I'm 
worried that the *@* line, which I didn't have before trying the 
templates, will still be matched for the recipient and still block jspdf

If a "good" rule is defined, the attachment has to match. If a "good" rule 
is not defined, the attachment will not be checked for "good". 

*@* matches every recipient and sender - and will be used, if no more 
exact match is found
*@* => ~~StdBlockRule
will block for all senders and recipients according to the StdBlockRule 
(if nothing better is found)
remember - the rule found for the recipient and the sender will be 
combined at runtime!!!


if you want a setup for your local domains only, you may use

*@ld1.com|*@ld2.com|*@ld3.com => .....

Thomas
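
A small lint for the two review points in the reply above (the repeated :MSOM keyword and the unescaped dot before zip), as an added example that is not part of the thread or of ASSP. It assumes the extension list is applied as a case-insensitive regex anchored at the end of the file name; the function names and the shortened lists are constructed for illustration.

```python
import re
from collections import Counter

def wildcard_dots(pattern):
    """Offsets of '.' acting as a regex wildcard (unescaped, not part of '.*' or '.+')."""
    hits, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\":          # backslash escapes the next character
            i += 2
            continue
        if pattern[i] == "." and pattern[i + 1:i + 2] not in ("*", "+"):
            hits.append(i)
        i += 1
    return hits

def repeated_keywords(pattern):
    """Special ':NAME' keywords (such as :MSOM) that occur more than once."""
    counts = Counter(re.findall(r":[A-Za-z]+", pattern))
    return sorted(k for k, n in counts.items() if n > 1)

def lint(pattern):
    return {"wildcard_dots": wildcard_dots(pattern),
            "repeated_keywords": repeated_keywords(pattern)}

def matches_extension(pattern, filename):
    # ASSUMPTION: list is used as a case-insensitive regex anchored to the name's end.
    # ':MSOM' is treated here as an opaque literal, not as the ASSP macro check.
    return re.search(r"\.(?:%s)$" % pattern, filename, re.I) is not None

# Constructed, shortened versions of the lists discussed in the thread
LOOSE = r"exe\-bin|:MSOM|js|vbs|(exe\-bin|:MSOM|js|vbs).zip"
STRICT = r"exe\-bin|:MSOM|js|vbs|(exe\-bin|js|vbs)\.zip"

if __name__ == "__main__":
    for name, pat in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        print(name, lint(pat))
    # The unescaped dot also matches names that were never meant to be blocked
    for fn in ("report.js.zip", "report.jsXzip"):
        print(fn, matches_extension(LOOSE, fn), matches_extension(STRICT, fn))
```
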






From:    "K Post" <nntp.p...@gmail.com>
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date:    18.10.2017 17:56
Subject: [Assp-test] UserAttach template review request




I'm having an issue with certain very annoying outside vendors sending pdf 
files with javascript in them.  I need to put in exceptions for these 
senders, so I figured now might be a good time to implement templates in 
UserAttach.

I'd appreciate a quick review of my plan to make sure that I've got the 
logic correct.  There's some nuance that I'm not sure I've got right, like 
excepting MSOM from a rule that includes a template that includes exe\-bin

Here's what I am doing now without templates.  
In general, for all users, I want to block, in both directions:
exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm

and any of those extensions with a .zip on the end
and any zip file that contains any of those extensions
and any encrypted zip

This works fine with my current setup.  Individual exceptions are a pain, 
since I need to edit them all any time I make an extension change.  (see 
the john example below). Thomas saves the day with Templates and rules!! 


The current non-template solution involves:
Level 1 as 
exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm

Level 2 as 
(exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm).zip

everyone is set to Level 2

In UserAttach I have:

# look in zips for these bad files too    
#  bin type removed to allow formatted excel with printer settings 
through    
zip:* => block => 
exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm
          
# for al...@ourdomain.org and monitor@, special alert mailboxes, allow any 
type of file through
# also need to put them in noscan config so javascript isn't stripped
al...@ourdomain.org => good => .*
moni...@ourdomain.org => good => .*

# john gets MSOM exception to allow a bunch of annoying vendors to email 
attachments with them
j...@ourdomain.org => block => 
exe\-bin|:MSOM|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|xlsm|(exe\-bin|:MSOM|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|xlsm).zip

# anyone in the encr.ourdomain.org subdomain need to be able to send 
encrypted zips  
# * says anything in a zip, crypt-zip says encrypted okay
zip:*@encr.ourdomain.org => good-out => .*|crypt\-zip
 

I'm planning to replace the above UserAttach with:
 
# Template for all of our bad extensions
~StdBlockExts => 
exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm

# Rule that blocks bad extensions and zip files with the bad exts inside
~~StdBlockRule => block ~StdBlockExts|(~StdBlockExts).zip

# all users by default have the StdBlockRuleApplied
# this would be overridden by a longer user part of the definition
# longest userpart wins.  NO inheritance
*@* => ~~StdBlockRule

# for all users look inside zips for these bad files too    
# bin type is here removed to allow formatted excel with printer settings 
through which are in bin files inside of zips    
zip:* => block => ~StdBlockExts|--bin    <-- is that the right way to have 
an exception for bin files inside of a zip?

# for al...@ourdomain.org and monitor@, special alert mailboxes, allow any 
type of file through
# also need to put them in noscan config so javascript isn't stripped
al...@ourdomain.org => good => .*
moni...@ourdomain.org => good => .*

# john gets MSOM exception to allow office macros through
j...@ourdomain.com => block => ~StdBlockExts|:MSOM    <-- adding an :MSOM 
exception, correct syntax?

or could I do
j...@ourdomain.com => ~~StdBlockRule|:MSOM  <-- exception to a RULE?  does 
that work?


# our users in the @encr.ourdomain.org subdomain need to be able to send 
encrypted zips  
# * says anything in a zip, 
# special definition crypt-zip says encrypted okay
zip:*@encr.ourdomain.org => good-out => .*|crypt\-zip    

jspdfsen...@externaldomain.com => ~~StdBlockRule|:JSPDF    <-- does this 
work??
 ??  would I need to set a good rule here or something instead?  I'm 
worried that the *@* line, which I didn't have before trying the 
templates, will still be matched for the recipient and still block jspdf
          


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test




