[bf1942] OT Protection

g8 at the.whole.net
Wed Feb 4 13:30:08 EST 2004


Oh, I forgot the original one which blocks all the other attachment types
besides zip (so make that a two line regex ;)

/^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?\.(386|ad[ept]|app|as[dpx]|ba[st]|bin|btm|cab|cbt|cgi|chm|cil|cla(ss)?|cmd|cp[el]|crt|cs[chs]|cvp|dll|dot|drv|em(ai)?l|ex[_e]|fon|fxp|hlp|ht[ar]|in[fips]|isp|jar|jse?|keyreg|ksh|lib|lnk|md[abetw]|mht(m|ml)?|ms[ciopt]|nte|nws|obj|ocx|ops|ov.|pcd|pgm|pif|p[lm]|pot|pps|prg|reg|sc[rt]|sh[bs]?|slb|smm|sw[ft]|sys|url|vb[esx]?|vir|vmx|vxd|wm[dsz]|ws[cfh]|xms|\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b/    REJECT  dangerous ".$2" file attachment types not allowed - please remove file and resend

-g8

p.s. these are PCRE-type checks.  And remember you can apply these rules
to just the mime headers (instead of the whole header and body) with
mime_header_checks = $file_name

On Wed, 4 Feb 2004, James Gurney wrote:

> g8 at the.whole.net wrote:
> > alternate MTAs such as Postfix, qmail, or exim.  I personally use Postfix
> > (aka IBM Secure Mailer) and a one line regex blocked the virii before
> > they even got to the DATA stage (thus saving bandwidth at the server).
>
> Care to share that regex? I looked into this for my postfix servers, but
> the only header/body checks I could find would essentially block all zip
> files, which I thought was too extreme..
>
> James
>
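
An offline check of the rule quoted above, added here as an example that is not part of the original post: it compiles the rule body with Python's re module, which approximates Postfix's PCRE engine for this pattern, and runs it over a few headers. The `check` helper, the `REPLY` and `SAMPLES` names and the sample headers are constructed for illustration; the flags follow the pcre_table(5) defaults.

```python
import re

# Rule body copied from the post. Flags mirror the pcre_table(5) defaults:
# case-insensitive, and "." also matches the newline inside a folded header.
RULE = re.compile(
    r'^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?\.('
    r'386|ad[ept]|app|as[dpx]|ba[st]|bin|btm|cab|cbt|cgi|chm|cil|cla(ss)?|cmd|'
    r'cp[el]|crt|cs[chs]|cvp|dll|dot|drv|em(ai)?l|ex[_e]|fon|fxp|hlp|ht[ar]|'
    r'in[fips]|isp|jar|jse?|keyreg|ksh|lib|lnk|md[abetw]|mht(m|ml)?|ms[ciopt]|'
    r'nte|nws|obj|ocx|ops|ov.|pcd|pgm|pif|p[lm]|pot|pps|prg|reg|sc[rt]|sh[bs]?|'
    r'slb|smm|sw[ft]|sys|url|vb[esx]?|vir|vmx|vxd|wm[dsz]|ws[cfh]|xms|'
    r'\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b',
    re.IGNORECASE | re.DOTALL,
)

REPLY = ('dangerous ".%s" file attachment types not allowed'
         ' - please remove file and resend')


def check(header):
    """Return the REJECT text for one logical header, or None if it passes."""
    m = RULE.search(header)
    # Group 2 is the extension alternation, which the rule prints as $2.
    return REPLY % m.group(2) if m else None


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    'Content-Type: application/zip; name="photos.zip"',
    'Content-Disposition: attachment; filename="setup.EXE"',
    'Content-Type: application/octet-stream;\n\tname="document.pif"',
    'Content-Type: text/plain; charset=us-ascii',
    # \b also matches before a later dot, so this text file is refused too.
    'Content-Type: text/plain; name="notes.js.txt"',
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(repr(h), "->", check(h) or "pass")
```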


