js in zip attachment of e-mail

@lbutlr kremels at kreme.com
Thu Mar 3 18:50:13 CET 2016

On Thu Mar 03 2016 08:19:21 Thomas Spuhler	<thomas.spuhler at btspuhler.com> said:
> On Wednesday, March 02, 2016 04:34:39 PM @lbutlr wrote:
>> On Wed Mar 02 2016 07:32:48 Dino Edwards	<dino.edwards at mydirectmail.net> said:
>>> Like this:
>>> [qr'.\.(js)$'ix => 1]
>> And where would I put that? And what sort of config is that? I’ve never seen
>> any config file that put things inside square brackets…
> I changed this line in /etc/amavisd/amavisd.conf in section $banned_filename_re = new_RE(  


I went with:

 qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|inf|ini|ins|isp|js|jse|lib|lnk|mda|mdb|mde|mdt|mdw|mdz|msc|msi|msp|mst|ocx|ops|pcd|pif|prg|reg|scr|sct|shb|shs|sys|vb|vbe|vbs|vxd|wmf|wsc|wsf|wsh)$'ix,  # banned extensions - long 
  qr'.\.(ani|cur|ico)$'i,                 # banned cursors and icons filename
  qr'^\.ani$',                            # banned animated cursor file(1) type
  qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerable.

Considering adding the MS-Office extensions as well, but I think postfix already bans those.

'Winners never talk about glorious victories. That's because they're the
ones who see what the battlefield looks like afterwards. It's only the
losers who have glorious victories.' --Small Gods

More information about the amavis-users mailing list