Bernard Robbins writes:
Is there any way to reject an email if it contains any attachment with an extension of:
(?i)\.(001|002|386|3GR|ACM|ADT|AP.|ASD|ASP|AX.|BAT|BIN|BO.|CC.|CDR|CHM|CLA
|CMD|CNV|CP.|CSC|D.B|DEV|DIF|DL.|DRV|EE.|EX.|FMT|FO.|GMS|HDI|HLP|HT.|IM.|I
N.|JS.|LIB|MB.|MD.|MHT|MOD|MPD|MPP|MPT|MRC|MS.|OB.|OC.|OL.|OLE|OTM|OV.|PCI
|PHP|PIF|PLG|POT|PP.|PRC|QLB|QPW|QTC|REG|RTF|SCR|SH.|SIS|SMM|SYS|TD0|TLB|T
SP|VB.|VS.|VWP|VXD|WBK|WIZ|WP.|WRI|WS.|X32|XML|XSL|XTP|XX.|ZL.)$
Having courier drop these attachments will eliminate having to use http://mailtools.anomy.net/.
I use the following perlfilter module to drop all virusware by its signature, instead of an explicit file extension.
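# $Id: perlfilter,v 1.8 2004/07/26 22:29:47 mrsam Exp $
#
# Copyright 2000 Double Precision, Inc.  See COPYING for
# distribution information.
#
# This is an example Perl filter.  Install this filter by initializing
# filters/perlfilter control file to contain the pathname to this file.
# See courierfilter(8) for more information.
#
# The stock example blocks messages with a long Date: header.  This
# modified copy instead rejects messages whose body contains known
# Base64-encoded Windows executable / HTA prefixes, and zip attachments.
# The checks are literal substring matches on the raw message text; they
# only see content that appears Base64-encoded directly in the message.
#
# *** DO NOT MODIFY THIS FILE VERBATIM ***  When upgrading Courier this
# file will be overwritten.  Make a copy of this file, and point
# filters/perlfilter to your modified copy.

use strict;
use warnings;
use IO::File;

# The number of the filedescriptor that's connected to the socket is
# passed to us as the first command-line argument.  Insist on a plain
# decimal number so the value can never be read as an open() mode or a
# filename.
my $filedesc = shift @ARGV;
die "perlfilter: expected a numeric file descriptor argument\n"
    unless defined $filedesc && $filedesc =~ /\A[0-9]+\z/;

my $socket = IO::File->new_from_fd($filedesc, '+<');
die "$!" unless defined $socket;

my $line;
my $first  = 1;
my $errmsg = "200 Ok";

#
# Read lines from the socket.  Each line contains a filename.  An empty line
# terminates the list.  The first line is the filename of the datafile
# containing the message text.  The subsequent lines are filename(s) of
# control files.
#
while (defined($line = <$socket>)) {
    chomp $line;
    last if $line eq '';    # explicit empty-line test; a name of "0" no longer ends the list

    my $msg = $first ? filterdata($line) : filtercontrol($line);
    $first = 0;

    # The last non-empty verdict wins; an empty verdict leaves "200 Ok".
    $errmsg = $msg if $msg;
}

$errmsg .= "\n" unless $errmsg =~ /\n$/;

print $socket $errmsg;
$socket->close;

# filterdata($filename)
#
# Scans the message data file and returns an SMTP-style rejection string
# ("500 ...") when a rule matches, or "" when the filter has no objection.
sub filterdata {
    my $filename = shift;

    # Here's where the custom content filter is implemented.  Use filehandles
    # so that cleanup's automatic.  The mode is passed as a separate
    # argument so the filename is never parsed for mode characters.
    my $fh = IO::File->new($filename, '<');

    # NOTE(review): an unreadable data file yields "no objection", exactly
    # as in the original (fail-open).  Confirm this is the intended policy.
    return "" unless defined $fh;

    my $line;

    # Pass 1: message headers, up to the first empty line.
    while (defined($line = <$fh>)) {
        chomp $line;
        last if $line eq "";    # End of headers

        return "500 Fscked up virus scanner blacklisted."
            if $line =~ /^X-Tnz-Problem-Type:/i;
    }

    # Bit 1: a zip-named application/octet-stream part was seen.
    # Bit 2: an image/jpeg part was seen.
    my $virus = 0;

    # Pass 2: message body, including MIME part headers.
    while (defined($line = <$fh>)) {
        chomp $line;

        # A Content-Type header ending in ';' is folded; append the next
        # line so the parameter checks below see the whole header.  Guard
        # against EOF so undef is never concatenated.
        if ($line =~ /^Content-Type:[^;]*;\s*$/i) {
            my $continuation = <$fh>;
            if (defined $continuation) {
                $line .= $continuation;
                chomp $line;
            }
        }

        # Base64 text is case-sensitive, so these three stay exact matches.
        # The first two are Base64 forms of a DOS/Windows executable
        # ("MZ") header.
        return "500 Microsoft virus refused."
            if $line =~ /TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/;
        return "500 Microsoft virus refused."
            if $line =~ /TVoAAAEAAAACAAAA\/\/8AAEAAAAAAAAAAQAAAAAAAAAC0TM0hAAAAAAAAAAAAAAAAAAAAAAAA/;

        # Base64 form of an HTML application (HTA) titled "Windows Update".
        return "500 Microsoft virus refused."
            if $line =~ /PEhUTUw\+DQo8SEVBRD4NCjxUSVRMRT5XaW5kb3dzIFVwZGF0ZTwvVElUTEU\+DQo8SFRBOkFQ/;

        # MIME header names, media types and file extensions are not
        # case-sensitive, so match them with /i; the original compared
        # them case-sensitively and missed e.g. "content-type:" or ".ZIP".
        return "500 Zip attachments refused - potential virus, use gzip instead."
            if $line =~ /^Content-Type: application\/x-zip-compressed/i;

        $virus |= 1
            if $line =~ /^Content-Type:\s+application\/octet-stream;\s+name=\".*\.zip/i;
        $virus |= 2
            if $line =~ /^Content-Type: image\/jpeg/i;
    }

    # A zip-named attachment together with a JPEG part is refused as a
    # virus; a zip-named attachment on its own gets the zip refusal.
    return "500 Microsoft virus refused." if $virus == 3;
    return "500 Zip attachments refused - potential virus, use gzip instead."
        if $virus == 1;

    return "";
}

# filtercontrol($filename)
#
# Hook for inspecting a control file.  This example applies no checks and
# always returns "" (no objection).
sub filtercontrol {
    my $filename = shift;

    return "";
}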