Did you i got right, that you are trying to detect renamed extension by its extension ? ummm... sounds like mission impossible to me.
My colleague has developed this functionality and he is able to block attachments by its mime type. He detect real mime type of each attachment and compare to banned mime types. We got it integrated into qmail-scanner , but somebody would have to create an installation module for ./configuration phase. cheers tomas On 03/23/2011 04:38 PM, Ethy H. Brito wrote: > From: "Ethy H. Brito"<[email protected]> > To: Salvatore Toribio<[email protected]> > Subject: Re: [Qmail-scanner-general] disguised .exe files > Date: Wed, 23 Mar 2011 12:36:56 -0300 > Organization: InterNexo Ltda. > X-Mailer: Claws Mail 3.7.6 (GTK+ 2.18.3; i486-pc-linux-gnu) > > On Wed, 23 Mar 2011 08:58:25 +0100 > Salvatore Toribio<[email protected]> wrote: > >> Hi Ethy >> >> Just edit /var/qmail/bin/qmail-scanner-queue.pl and change >> my $BAD_MIME_CHECKS='2' > Hi ST. > > nop. did not wotk. > > I downloaded and installed 2.08 (was 2.01). > compiled with: > > # ./configure --spooldir /var/spool/qmailscan --qmaildir /var/qmail --bindir > /var/qmail/bin --qmail-queue-binary /var/qmail/bin/qmail-queue --admin > postmaster --domain bla.com.br --admin-description > "System-Anti-Virus-Administrator" --notify sender --local-domains bla.com.br > --max-scan-size 100000000 --silent-viruses auto --sa-timeout 120 > --sa-faulttolerant 1 --sa-maxsize 256000 --sa-quarantine 2 --sa-tempfail 1 > --quarantine-reject 0 --lang pt_BR --debug 1 --unzip 0 --max-zip-size > 1000000000 --add-dscr-hdrs 0 --normalize yes --archive 0 --redundant yes > --skip-text-msgs 1 --log-details yes --log-crypto 0 --fix-mime 2 > --ignore-eol-check 0 --scanners "clamdscan,fast_spamassassin" > > Most options are defaults. > > same result: .exe renamed files pass through untouched. > > Now what? Anything else? > > Ethy > > > > ------------------------------------------------------------------------------ > Enable your software for Intel(R) Active Management Technology to meet the > growing manageability and security demands of your customers. Businesses > are taking advantage of Intel(R) vPro (TM) technology - will your software > be a part of the solution? Download the Intel(R) Manageability Checker > today! http://p.sf.net/sfu/intel-dev2devmar > _______________________________________________ > Qmail-scanner-general mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general ------------------------------------------------------------------------------ Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar _______________________________________________ Qmail-scanner-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
