block a particular double extension files in amavisd.conf

Indunil Jayasooriya indunil75 at gmail.com
Thu Mar 17 09:24:41 CET 2016


On Thu, Mar 17, 2016 at 1:46 PM, Dino Edwards <dino.edwards at mydirectmail.net
> wrote:

> While users surf the Internet? So, not coming through e-mail?
>
>
>
      Your point is OK. But, I am afraid that an attacker sends emails to
our domain with those attachment, I want my mail filer to block it.

   I want to take an action for it in the future

comments?


 ,

> *From:* amavis-users [mailto:amavis-users-bounces+dino.edwards=
> mydirectmail.net at amavis.org] *On Behalf Of *Indunil Jayasooriya
> *Sent:* Thursday, March 17, 2016 1:10 AM
> *To:* amavis-users at amavis.org
> *Subject:* block a particular double extension files in amavisd.conf
>
>
>
> Hi,
>
> I want to block files having double extensions. while users surf internet,
> some files such as* e7ea.tmp.exe* will be automatically downloaded.
>
>
> e7ea.tmp.exe is a ransomware. Attackers can send mails with files of these
> types as well.
>
> Now, I want to block files having double extension such as filenames
> *.tmp.exe* format.
>
>
>
> I think below regex is OK to insert in to amavisd.conf file.
>
>
> *qr'.\.(tmp)\.exe$'i,  * # block this double extension
>
> any comment?
>
>
>
> --
>
> cat /etc/motd
>
> Thank you
> Indunil Jayasooriya
> http://www.theravadanet.net/
> http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala
> Fonts
>



-- 
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala
Fonts
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20160317/7e4502cc/attachment.html>


More information about the amavis-users mailing list