On Tue, Sep 16, 2014 at 09:28:11PM +0200, li...@rhsoft.net wrote:
> > # block windows executables PCRE
> > /^\s*Content-(?:Disposition|Type): # Header label
> > (?:.*?;)? \s* # Any prior attributes
> > (?:file)?name\s*=\s*"? # name or filename
> > ( # Capture name for response
> > .*?(\.|=2E) # File basename and "."
> > (ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
> > inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
> > ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
> > vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh) # Capture risky extensions
> > ) # Close capture
> > (?:\?=)? # Trailer of ad-hoc RFC 2047
> > encoding
> > "? # Optional close quote
> > \s*(;|$) # End of attribute or header
> > /x
> >
> > [ untested ]
>
> thanks!
>
> interesting - none of both blocking a empty textfile renamed to "test.exe"
> i have all 3 for now enabled and the 3rd one rejects (Thunderbird as MUA)
That's because Postfix does not support in-line comments in PCRE
patterns. The multi-line pattern is unfolded first, and the first
comment gobbles up all the remaining text. If you strip all the
comments:
$ postmap -q 'Content-Type: name="test.exe.txt"; charset=us-ascii'
pcre:/tmp/foo.pcre
$ postmap -q 'Content-Type: name="test.exe"; charset=us-ascii'
pcre:/tmp/foo.pcre
REJECT blocked filename test.exe
With /tmp/foo.pcre containing:
# block windows executables PCRE
/^Content-(?:Disposition|Type):
(?:.*?;)? \s*
(?:file)?name \s* = \s*"?
(
.*?(\.|=2E)
(ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh)
)
(?:\?=)?
"?
\s*(;|$)
/x REJECT blocked filename ${1}
--
Viktor.
