On 16.09.2014 at 21:00, Viktor Dukhovni wrote:
> On Tue, Sep 16, 2014 at 01:41:36PM -0500, Noel Jones wrote:
>
>> I've used the below for a few years with good results. It's better,
>> but surely not perfect.
>>
>> # block windows executables PCRE
>> /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(
>> ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
>> inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
>> ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
>> vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh))(\?=)?"?\s*$/x
>
> This assumes that "name" or "filename" is the last attribute in
> the header. It might instead be followed by a ";" and more
> attributes. So for a bit more generality, try the below:
>
> # block windows executables PCRE
> /^\s*Content-(?:Disposition|Type): # Header label
> (?:.*?;)? \s* # Any prior attributes
> (?:file)?name\s*=\s*"? # name or filename
> ( # Capture name for response
> .*?(\.|=2E) # File basename and "."
> (ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
> inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
> ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
> vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh) # Capture risky extensions
> ) # Close capture
> (?:\?=)? # Trailer of ad-hoc RFC 2047 encoding
> "? # Optional close quote
> \s*(;|$) # End of attribute or header
> /x
>
> [ untested ]

Thanks! Interesting - neither of the two blocks an empty text file
renamed to "test.exe". I have all 3 enabled for now, and the 3rd one
rejects (Thunderbird as MUA):

reject: header Content-Type: application/octet-stream;? name="test.exe" 5.7.1 554 Attachment Blocked (Rule 3)

[root@localhost:~]$ cat postfix/mime_header_checks.cf
# Reject Attachment Extensions
/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(386|acm|ade|adp|awx|ax|bas|bat|bin|cdf|chm|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh))(\?=)?"?\s*$/x REJECT 554 Attachment Blocked (Rule 1)
/^\s*Content-(?:Disposition|Type):(?:.*?;)?\s*(?:file)?name\s*=\s*"?(.*?(\.|=2E)(386|acm|ade|adp|awx|ax|bas|bat|bin|cdf|chm|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh))(?:\?=)?"?\s*(;|$)/x REJECT 554 Attachment Blocked (Rule 2)
/name=[^>]*\.(386|acm|ade|adp|awx|ax|bas|bat|bin|cdf|chm|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh)\"/ REJECT 554 Attachment Blocked (Rule 3)
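
Viktor Dukhovni's point about a name attribute that is followed by ";" and further attributes, shown as an added example that is not part of the original thread. Assumptions: Python's re module stands in for Postfix's PCRE engine (flags chosen to mirror the pcre table defaults plus /x), the extension list is shortened, and the sample headers are constructed single-line headers.

```python
import re

# Shortened extension list (assumption for readability; the thread's lists are longer).
EXT = r"(?:bat|cmd|com|exe|scr|vbs)"

# Postfix pcre tables default to case-insensitive and dot-matches-newline; /x adds verbose.
FLAGS = re.IGNORECASE | re.DOTALL | re.VERBOSE

# Pattern 1 from the thread: the name value must end the header.
LAST_ATTR = re.compile(
    r'^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)'
    + EXT + r')(\?=)?"?\s*$', FLAGS)

# Pattern 2 from the thread: the name value may be followed by ";" and more attributes.
ANY_ATTR = re.compile(r'''
    ^\s*Content-(?:Disposition|Type):   # header label
    (?:.*?;)? \s*                       # any prior attributes
    (?:file)?name\s*=\s*"?              # name or filename
    ( .*?(\.|=2E) ''' + EXT + r''' )
    (?:\?=)? "? \s*(;|$)                # encoding trailer, close quote, end
''', FLAGS)

# Constructed single-line sample headers (not taken from the thread).
SAMPLES = {
    "last": 'Content-Type: application/octet-stream; name="test.exe"',
    "trailing": 'Content-Disposition: attachment; filename="test.exe"; size=42',
    "encoded": 'Content-Type: application/octet-stream; name="=?UTF-8?Q?test=2Eexe?="',
    "benign": 'Content-Type: application/pdf; name="report.pdf"',
}

def verdicts(header):
    """Return (pattern 1 matches, pattern 2 matches) for one header."""
    return bool(LAST_ATTR.search(header)), bool(ANY_ATTR.search(header))

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(f"{label:9} {verdicts(header)}  {header}")
```

On a live system, the same headers can be checked against the real table with `postmap -q "<header>" pcre:/path/to/mime_header_checks.cf`, which uses Postfix's own PCRE engine.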