Block ..rar files in amavisd
Hoyer-Reuther, Christian
Christian.Hoyer-Reuther at cac-chem.de
Fri Jan 12 14:42:36 CET 2018
Hello Jonathan,
this should work:
qr'.\.(com|exe|rar)$'
Regards,
Christian
-----Ursprüngliche Nachricht-----
Von: amavis-users [mailto:amavis-users-bounces+christian.hoyer-reuther=cac-chem.de at amavis.org] Im Auftrag von Jonathan Sélea
Gesendet: Freitag, 12. Januar 2018 14:25
An: amavis-users at amavis.org
Betreff: Block ..rar files in amavisd
Good afternoon.
I want to block .rar files on my server:
./50-user: [qr'T=(rar|arc|arj|zoo|gz|bz2)(,|\t)'xmi =>
'DISCARD'], # Compressed file types
./50-user:
[qr'N=.*\.(9|386|LeChiffre|aaa|abc|aepl|ani|aru|atm|aut|b64|bat|bhx|bin|bkd|blf|bll|bmw|boo|bps|bqf|breaking_bad|buk|bup|bxz|cc|ccc|ce0|ceo|cfxxe|chm|cih|cla|class|cmd|com|cpl|crinf|crjoker|crypt|cryptolocker|cryptowall|ctbl|cxq|cyw|dbd|delf|dev|dlb|dli|dll|dllx|dom|drv|dx|dxz|dyv|dyz|ecc|exe|exe-ms|exe1|exe_renamed|exx|ezt|ezz|fag|fjl|fnr|fuj|good|gzquar|hlp|hlw|hqx|hsq|hts|iva|iws|jar|js|kcd|keybtc at inbox_com|let|lik|lkh|lnk|locky|lok|lol!|lpaq5|magic|mfu|micro|mim|mjg|mjz|nls|oar|ocx|osa|ozd|pcx|pgm|php2|php3|pid|pif|plc|pr|pzdc|qit|qrn|rar|r5a|rhk|rna|rsc_tmp|s7p|scr|shs|ska|smm|smtmp|sop|spam|ssy|swf|sys|tko|tps|tsa|tti|ttt|txs|upa|uu|uue|uzy|vb|vba|vbe|vbs|vbx|vexe|vxd|vzr|wlpginstall|ws|wsc|wsf|wsh|wss|xdu|xir|xlm|xlv|xnt|xnxx|xtbl|xxe|xxx|xyz|zix|zvz|zzz)$'xmi
=> 'DISCARD']
This works prefect, if the senders has sent a .rar file. But if someone
send a files called lib..rar (or more dots) the file is not discarded.
How can I solve this?
/ Jonathan
More information about the amavis-users
mailing list