Hi group,
I am running mailman 2.1.2 and sendmail. I've got amavisd plugged in as a milter in sendmail, so everything passing through the server is scanned for viruses. My concern is that with the proliferation of variants that often hit us pretty hard in the few days it can take for the antivirus software to get updated, I want to block certain types of files from coming through as attachments. But I want to allow other types. For the ordinary mail being delivered to our users, we do that with a set of procmail rules. I'd like to be able to do the same kind of filtering on mailman messages.
I am operating under the assumption that the content-type field isn't to be trusted, since the virus writer could make a bogus one of those. My experiments indicate that one can fake that field to look like something benign, even putting a benign file name there, and if the content-disposition field has a different file name with a different extension, Eudora at least will favor the content-disposition field. So if content-type says it's a pdf and has a filename ending in pdf, but content-disposition says the filename ends in .zip, Eudora will launch winzip. I assume .exe and .scr and so forth would work the same, but I haven't tested that explicitly.
So what I want to be able to do is filter based on the content-disposition field. This is trivially easy to do in procmail, but in the normal mailman sequence, messages never see procmail. So, can I (a) recreate this capability in mailman, or (b) cause mailman to invoke procmail somehow? The content filtering option on the web interface seems to look at content-type, not content-disposition.
I'm hoping to find a way to do it one of those two ways rather than having to add a whole other package like mimedefang into the mix, just to keep things simpler.
The relevant parts of the procmail expressions look like this:
filename=".*\.(ad[ep]|ba[st]|chm|cmd|com|cpl|crt|dll|dot|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[aetwz]|ms[cipt]|ocx|ops|pcd|pif|prf|pot|reg|sc[frt]|sh[bs]|sys|vb[es]?|ws[cfh]|xl[abdmtv]|\{[-0-9a-f]+\}.*)"filename=".*\.(ace|ar[cj]|bh|bz(ip)?2|cab|t?gz|lha|lzh|[jrt]ar|uue|xxe|zip|zoo|z)"
Any thoughts?
Thanks.
-Andy
------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
