On 16.09.2014 at 20:34, Wietse Venema wrote:
> li...@rhsoft.net:
>> (yes i know it's not 100% perfect in any case)
>>
>> but anybody using "mime_header_checks" by one of the similar howtos out
>> there should review the configuration - without \" at the end of the
>> regex this is prone to false positives
>
> Caution: MIME allows names in this context without "", as long as
> those names contain no whitespace etc.

thanks for the hint

i am open for suggestions how to optimize that in general without raising
false positives - at the end there is clamd but "mime_header_checks" is
"cheaper"

>> two examples from real world (.scr and .com wrongly rejected)
>>
>> * name="strace.Scripting-with-the-xss.pdf.txt"
>> * filename="BOOKING.COM: Hotel 342802.PDF"
>>
>> i think this was the one i followed
>> http://www.cyberciti.biz/tips/postfix-block-mime-attachment-files.html
>> _________________________________________________
>>
>> cat /etc/postfix/mime_header_checks.cf
>> # Reject Attachment-Extensions
>> /name=[^>]*\.(386|acm|ade|adp|awx|ax|bas|bat|bin|cdf|chm|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jse|lnk|msc|msi|msp|mst|ocx|pcd|pif|pl|reg|scr|script|sct|sh|shb|shs|sys|so|tlb|vb|vbe|vbs|wiz|wll|wpc|wsc|wsf|wsh)\"/
>>  REJECT 554 Attachment Blocked
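
Added example (not part of the original thread and not Postfix code): a Python check that runs three rules over the two real-world names from the post and two constructed headers: the rule without the closing quote, the posted rule, and a hypothetical variant that also covers unquoted names. The `both` pattern, the shortened extension list, the surrounding header text and the `invoice.exe` samples are assumptions made for illustration.

```python
import re

# Shortened subset of the extension list in the posted table (for brevity).
EXT = r'(bat|com|exe|pif|scr|vbs)'

# Postfix regexp/pcre tables match case-insensitively by default, hence re.I.
PATTERNS = {
    # Howto-style rule without the closing quote: extension may sit anywhere.
    "loose": re.compile(r'name=[^>]*\.' + EXT, re.I),
    # Rule from the post: extension must be followed by the closing quote.
    "quoted": re.compile(r'name=[^>]*\.' + EXT + r'"', re.I),
    # Hypothetical variant (assumption, not from the thread): a quoted name
    # ending in the extension, or an unquoted token ending in the extension
    # and followed by whitespace, ';' or end of line.
    "both": re.compile(
        r'name=("[^"]*\.' + EXT + r'"|[^"\s;]*\.' + EXT + r'([\s;]|$))', re.I),
}

# (header, should_block). The first two carry the names from the post inside
# constructed header lines; the last two are fully constructed.
SAMPLES = [
    ('Content-Type: text/plain; name="strace.Scripting-with-the-xss.pdf.txt"', False),
    ('Content-Disposition: attachment; filename="BOOKING.COM: Hotel 342802.PDF"', False),
    ('Content-Disposition: attachment; filename="invoice.exe"', True),
    ('Content-Disposition: attachment; filename=invoice.exe', True),
]

def verdicts(header):
    """Return {pattern_name: True if the header would be rejected}."""
    return {name: bool(rx.search(header)) for name, rx in PATTERNS.items()}

def errors(pattern_name):
    """Count false positives and misses for one pattern over SAMPLES."""
    fp = sum(1 for h, bad in SAMPLES if verdicts(h)[pattern_name] and not bad)
    miss = sum(1 for h, bad in SAMPLES if bad and not verdicts(h)[pattern_name])
    return {"false_positives": fp, "misses": miss}

if __name__ == "__main__":
    for name in PATTERNS:
        print(name, errors(name))
```

Python's `re` is only a stand-in here; a rule meant for the real table should be checked with `postmap -q` against that table before it goes live.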