js in zip attachment of e-mail
Dino Edwards
dino.edwards at mydirectmail.net
Thu Mar 3 01:12:09 CET 2016
Just a way of doing it. Here's the whole config I use for a rule named "Default" since I like to assign file rules to amavis rules which in turn I assign to particular users. The "=>1" part means block. For allow you would use "=>0" and I just learned the "i" means case insensitive and if you see an "x" it means ignore extra spaces in the regexp.
%banned_rules = (
  'Default' => new_RE(
    [qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll|rtf)\.?$'i => 1],
    [qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'i => 1],
    [qr'^application/x-msdownload$'i => 1],
    [qr'^application/x-msdos-program$'i => 1],
    [qr'^application/hta$'i => 1],
    [qr'.\.(exe)$'i => 1],
    [qr'.\.(vbs)$'i => 1],
    [qr'.\.(pif)$'i => 1],
    [qr'.\.(scr)$'i => 1],
    [qr'.\.(bat)$'i => 1],
    [qr'.\.(cmd)$'i => 1],
    [qr'.\.(com)$'i => 1],
    [qr'.\.(cpl)$'i => 1],
    [qr'.\.(rtf)$'i => 1],
    [qr'^\.(exe-ms)$' => 1],
    [qr'^\.(dll)$' => 1],
    [qr'^\.(lha)$' => 1],
    [qr'^\.(exe)$' => 1],
    [qr'^\.(tnef)$' => 1],
    [qr'^\.(cab)$' => 1]
  ),
);
Another way of doing it, if you are using a global config, is like this; just add the "js" extension to the line below:
$banned_filename_re = new_RE(
  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl|rtf|js)$'i
);
The above regexp ".\.(exe|vbs|pif|scr|bat|cmd|com|cpl|rtf|js)$" will match any file name with the above extensions (for example test.exe, test.vbs, etc.). You can test the regexp at http://www.regex101.com (make sure you take out the double quotes from both sides).
> -----Original Message-----
> From: amavis-users [mailto:amavis-users-
> bounces+dino.edwards=mydirectmail.net at amavis.org] On Behalf Of @lbutlr
> Sent: Wednesday, March 02, 2016 6:35 PM
> To: amavis-users at amavis.org
> Subject: Re: js in zip attachment of e-mail
>
> On Wed Mar 02 2016 07:32:48 Dino Edwards
> <dino.edwards at mydirectmail.net> said:
> >
> > Like this:
> >
> > [qr'.\.(js)$'ix => 1]
>
> And where would I put that? And what sort of config is that? I’ve never seen
> any config file that put things inside square brackets…
>
>
> --
> Blatant mistakes are the best kind. — John W Baxter
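
An added example, not part of the original message and not amavisd's own code: a standalone Perl script that runs constructed attachment names and type strings through a few of the patterns quoted above, in order, so a rule set can be checked for misses and false positives before it goes into the config. The first-match evaluation, the helper name check_attribute and all sample inputs are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# A few [regexp => verdict] pairs in the style of the "Default" table above:
# 1 = block, 0 = allow. Checked in order; the first match decides
# (assumption of this example).
my @rules = (
    [ qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll|rtf)\.?$'i => 1 ],  # double extension
    [ qr'^application/hta$'i                                        => 1 ],  # MIME type
    [ qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl|rtf|js)$'i             => 1 ],  # file name
    [ qr'^\.(exe)$'                                                  => 1 ],  # bare type string
);

# Hypothetical helper: return (verdict, pattern) for one attribute string
# of a mail part (a file name, a MIME type or a type string).
sub check_attribute {
    my ($attr) = @_;
    for my $rule (@rules) {
        my ($re, $verdict) = @$rule;
        return ($verdict, "$re") if $attr =~ $re;
    }
    return (0, '(no rule matched)');
}

# Constructed sample inputs: attachment names, a MIME type, a type string.
my @samples = (
    'invoice.js', 'INVOICE.JS', 'archive/scan_001.js',
    'report.pdf.exe.', 'notes.json', 'readme.txt',
    'application/hta', '.exe',
);

for my $attr (@samples) {
    my ($verdict, $pattern) = check_attribute($attr);
    printf "%-22s %-6s %s\n", $attr, ($verdict ? 'BLOCK' : 'allow'), $pattern;
}
```

The leading "." in the file-name pattern requires at least one character before the extension dot, which keeps it from firing on a bare type string such as ".exe"; that string is caught by the anchored '^\.(exe)$' rule instead.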