block a particular double extension files in amavisd.conf
Dino Edwards
dino.edwards at mydirectmail.net
Thu Mar 17 10:53:14 CET 2016
The regexp you provided should work in blocking any filename.tmp.exe. The attachments has to follow that exact naming pattern i.e. it must be *.tmp.exe. Any other variation it will not match. This one should work too:
(tmp){1,}.*(exe){1,}
From: Indunil Jayasooriya [mailto:indunil75 at gmail.com]
Sent: Thursday, March 17, 2016 4:25 AM
To: Dino Edwards <dino.edwards at mydirectmail.net>
Cc: amavis-users at amavis.org
Subject: Re: block a particular double extension files in amavisd.conf
On Thu, Mar 17, 2016 at 1:46 PM, Dino Edwards <dino.edwards at mydirectmail.net<mailto:dino.edwards at mydirectmail.net>> wrote:
While users surf the Internet? So, not coming through e-mail?
Your point is OK. But, I am afraid that an attacker sends emails to our domain with those attachment, I want my mail filer to block it.
I want to take an action for it in the future
comments?
,
From: amavis-users [mailto:amavis-users-bounces+dino.edwards<mailto:amavis-users-bounces%2Bdino.edwards>=mydirectmail.net at amavis.org<mailto:mydirectmail.net at amavis.org>] On Behalf Of Indunil Jayasooriya
Sent: Thursday, March 17, 2016 1:10 AM
To: amavis-users at amavis.org<mailto:amavis-users at amavis.org>
Subject: block a particular double extension files in amavisd.conf
Hi,
I want to block files having double extensions. while users surf internet, some files such as e7ea.tmp.exe will be automatically downloaded.
e7ea.tmp.exe is a ransomware. Attackers can send mails with files of these types as well.
Now, I want to block files having double extension such as filenames.tmp.exe format.
I think below regex is OK to insert in to amavisd.conf file.
qr'.\.(tmp)\.exe$'i, # block this double extension
any comment?
--
cat /etc/motd
Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html - Download Sinhala Fonts
--
cat /etc/motd
Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html - Download Sinhala Fonts
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20160317/a7ebef6c/attachment.html>
More information about the amavis-users
mailing list