Am 16.09.2014 um 21:42 schrieb Viktor Dukhovni:
> On Tue, Sep 16, 2014 at 09:28:11PM +0200, li...@rhsoft.net wrote:
>
>>> # block windows executables PCRE
>>> /^\s*Content-(?:Disposition|Type): # Header label
>>> (?:.*?;)? \s* # Any prior attributes
>>> (?:file)?name\s*=\s*"? # name or filename
>>> ( # Capture name for response
>>> .*?(\.|=2E) # File basename and "."
>>> (ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
>>> inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
>>> ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
>>> vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh) # Capture risky extensions
>>> ) # Close capture
>>> (?:\?=)? # Trailer of ad-hoc RFC 2047
>>> encoding
>>> "? # Optional close quote
>>> \s*(;|$) # End of attribute or header
>>> /x
>>>
>>> [ untested ]
>>
>> thanks!
>>
>> interesting - none of both blocking a empty textfile renamed to "test.exe"
>> i have all 3 for now enabled and the 3rd one rejects (Thunderbird as MUA)
>
> That's because Postfix does not support in-line comments in PCRE
> patterns. The multi-line pattern is unfolded first, and the first
> comment gobbles up all the remaining text. If you strip all the
> comments:
>
> $ postmap -q 'Content-Type: name="test.exe.txt"; charset=us-ascii'
> pcre:/tmp/foo.pcre
> $ postmap -q 'Content-Type: name="test.exe"; charset=us-ascii'
> pcre:/tmp/foo.pcre
> REJECT blocked filename test.exe
>
> With /tmp/foo.pcre containing:
>
> # block windows executables PCRE
> /^Content-(?:Disposition|Type):
> (?:.*?;)? \s*
> (?:file)?name \s* = \s*"?
> (
> .*?(\.|=2E)
> (ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
> inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
> ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
> vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh)
> )
> (?:\?=)?
> "?
> \s*(;|$)
> /x REJECT blocked filename ${1}
uhm i removed all comments AFAIK
that are 3 single lines without any break not added by the mail-client
i now attached it as a file and still only (Rule 3) hits
# Reject Attachment Extensions
/^Content-(?:Disposition|Type):
(?:.*?;)? \s*
(?:file)?name \s* = \s*"?
(
.*?(\.|=2E)
(386|acm|ade|adp|awx|ax|bas|bat|bin|cdf|chm|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh)
)
(?:\?=)?
"?
\s*(;|$)
/x REJECT 554 Attachment Blocked (Rule 0)
/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)(386|acm|ade|adp|awx|ax|bas|bat|bin|cdf|chm|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh))(\?=)?"?\s*$/x
REJECT 554 Attachment Blocked (Rule 1)
/^\s*Content-(?:Disposition|Type):(?:.*?;)?\s*(?:file)?name\s*=\s*"?(.*?(\.|=2E)(386|acm|ade|adp|awx|ax|bas|bat|bin|cdf|chm|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh))(?:\?=)?"?\s*(;|$)/x
REJECT 554 Attachment Blocked (Rule 2)
/name=[^>]*\.(386|acm|ade|adp|awx|ax|bas|bat|bin|cdf|chm|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh)\"/
REJECT 554 Attachment Blocked (Rule 3)
