Am 16.09.2014 um 21:42 schrieb Viktor Dukhovni <postfix-us...@dukhovni.org>:
> On Tue, Sep 16, 2014 at 09:28:11PM +0200, li...@rhsoft.net wrote:
>
>>> # block windows executables PCRE
>>> /^\s*Content-(?:Disposition|Type): # Header label
>>> (?:.*?;)? \s* # Any prior attributes
>>> (?:file)?name\s*=\s*"? # name or filename
>>> ( # Capture name for response
>>> .*?(\.|=2E) # File basename and "."
>>> (ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
>>> inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
>>> ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
>>> vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh) # Capture risky extensions
>>> ) # Close capture
>>> (?:\?=)? # Trailer of ad-hoc RFC 2047
>>> encoding
>>> "? # Optional close quote
>>> \s*(;|$) # End of attribute or header
>>> /x
>>>
>>> [ untested ]
>>
>> thanks!
>>
>> interesting - none of both blocking a empty textfile renamed to "test.exe"
>> i have all 3 for now enabled and the 3rd one rejects (Thunderbird as MUA)
>
> That's because Postfix does not support in-line comments in PCRE
> patterns. The multi-line pattern is unfolded first, and the first
> comment gobbles up all the remaining text. If you strip all the
> comments:
>
> $ postmap -q 'Content-Type: name="test.exe.txt"; charset=us-ascii'
> pcre:/tmp/foo.pcre
> $ postmap -q 'Content-Type: name="test.exe"; charset=us-ascii'
> pcre:/tmp/foo.pcre
> REJECT blocked filename test.exe
>
> With /tmp/foo.pcre containing:
>
> # block windows executables PCRE
> /^Content-(?:Disposition|Type):
> (?:.*?;)? \s*
> (?:file)?name \s* = \s*"?
> (
> .*?(\.|=2E)
> (ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
> inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
> ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
> vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh)
> )
> (?:\?=)?
> "?
> \s*(;|$)
> /x REJECT blocked filename ${1}
>
> --
> Viktor.
I just wanted to give this a try, but it seems I have done something wrong. I
copied the comment-free version to a pcre-table-file and gave it a try, but
Postfix now tells me this in the logs:
postconf -c $PWD mime_header_checks
mime_header_checks = pcre:${map}/mime_header_checks.pcre
Sep 17 09:51:15 mx postfix-submission/cleanup[23573]: warning: pcre map
/etc/postfix-submission/maps/mime_header_checks.pcre, line 14: no closing
regexp delimiter "/": ignoring this rule
Sep 17 09:51:15 mx postfix-submission/cleanup[23573]: warning: pcre map
/etc/postfix-submission/maps/mime_header_checks.pcre, line 16: no closing
regexp delimiter "/": ignoring this rule
postconf -c $PWD mime_header_checks
mime_header_checks = pcre:${map}/mime_header_checks.pcre
cat maps/mime_header_checks.pcre
# block windows executables PCRE
/^Content-(?:Disposition|Type):
(?:.*?;)? \s*
(?:file)?name \s* = \s*"?
(
.*?(\.|=2E)
(ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh)
)
(?:\?=)?
"?
\s*(;|$)
/x REJECT blocked filename ${1}
Or do I have to make this all become one line?
It’s on Postfix 2.12_pre20140907
Kind regards
Christian
--
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com
smime.p7s
Description: S/MIME cryptographic signature
