Block .html only in .zip

Marius Gologan marius.gologan at gmail.com
Fri Jul 24 23:06:27 CEST 2015 

One more thing:

The presumed HTML file might be “ASCII text, with CRLF line terminators” and might be detected as “asc”, instead of html?. 

In this case, T can be T=(asc|html?)

 

Run:

file resume.htm
file –i resume.htm
In some cases last command might return application/octet-stream mime-type. Not sure, but if is a maware, some code is embedded in this case.

 

You can create new T(ypes) in  $map_full_type_to_short_type_re - very useful to block xls and doc with malware.

 

 

Thank you for helping me earlier, today.

 

Marius.

 

From: Marius Gologan [mailto:marius.gologan at gmail.com] 
Sent: Friday, July 24, 2015 11:56 PM
To: 'Konstantin'; amavis-users at amavis.org
Subject: RE: Block .html only in .zip

 

Hi,

 

I didn’t test this rule. I just made it up:

 

$banned_namepath_re = new_RE(

[ qr'(?# BLOCK HTML as application/x-zip-compressed)

^ (.*\t)? M=application/x-zip-compressed

\t(.*\t)* T=html? 

\t(.*\t)* N=[^\t\n]* \. zip 

(\t.*)? $'xmi => 'DISCARD'],

 

Run this command below and see what’s the Mime-Type of that file an replace the value in M=. Can be different than application/x-zip-compressed.
file –i resume.zip

When you run your test, place this in your amavis and restart it. Will give you many combined values matched against $banned_namepath_re.
@debug_sender_maps = ( ["test-sender\@$mydomain"] );

Marius.

 

From: amavis-users [mailto:amavis-users-bounces+marius.gologan=gmail.com at amavis.org] On Behalf Of Konstantin
Sent: Friday, July 24, 2015 7:05 PM
To: amavis-users at amavis.org
Subject: Block .html only in .zip

 

Hi 

Is it possible to set up banned_rules to block .html,.htm if they are only inside attached .zip file?

I can not block .html,.htm files because some users want to receive them.


For example:
unzip -l Downloads/resume.zip
Archive:  Downloads/resume.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
      654  2015-07-22 19:38   2101_resume.htm

Thanks.



-- 

This message was delivered using 100% recycled electrons.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20150725/1cb5aa6e/attachment.html>

More information about the amavis-users mailing list