Re: Exim filter for attachments ?
On Mon, 8 May 2000, Jarosław Tabor wrote:
> Hello!
Hi,
>
> Does someone know how to create a filter which can fail or freeze
> messages with '*.exe', '*.vbs'?
I think you have seen the msgs about procmail filtering today. Well, I
just played with the Exim system filter option and came up with an initial
filter that can be extended to match your needs.
The filter is (Exim gurus, please improve it; it's my first step in this
area):
-----------------------------------------------
# Exim filter
if $header_Content-type matches "(multipart/mixed|application/octet-stream)"
then
#  if $header_Content-Disposition matches "(attachment|inline)"
#  then
    if $message_body matches ".*ame(=|:).*\".*\.(vbs|wsf|exe)\""
    then
      deliver some_wise_user_for_pre_analisys@localhost
    endif
#  endif
endif
-------------------------------
The file must start with # Exim filter
This is not my comment; it's an Exim requirement.
Also note that I tried to incorporate the Content-Disposition header, but
I think it's not always present.
Also note that I wouldn't be able to change the names of the files; instead
I deliver the messages to postmaster for checking and then, if it's safe,
to the original user (they're preserved in the headers).
[]s
Mario O.de Menezes
IPEN-CNEN/SP
http://curiango.ipen.br/~mario
http://www.revistalinux.com.br

"Many are the plans in a man's heart, but
is the Lord's purpose that prevails"
Prov. 19.21
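
An added example, not part of the original post: the same extension check done in Python by parsing the MIME structure instead of matching the body with a regex. It reads both the Content-Disposition `filename` and the Content-Type `name` parameter, since the post notes that Content-Disposition is not always present; the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

BLOCKED = (".vbs", ".wsf", ".exe")  # same extensions as the filter above

def part_names(part):
    """Collect every file name a MIME part declares for itself."""
    names = []
    for param, header in (("filename", "content-disposition"),
                          ("name", "content-type")):
        value = part.get_param(param, None, header)
        if value is not None:
            # Handles plain and RFC 2231 encoded (name*=...) parameters.
            names.append(collapse_rfc2231_value(value).strip())
    return names

def blocked_attachments(raw_message):
    """Return declared part names that end in a blocked extension."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        for name in part_names(part):
            # Compare case-insensitively so "Setup.EXE" is caught too.
            if name.lower().endswith(BLOCKED) and name not in hits:
                hits.append(name)
    return hits

# Constructed sample messages (not real mail).
def _sample(parts):
    head = 'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    return head + "".join("--b1\n" + p + "\n" for p in parts) + "--b1--\n"

# Body text that merely mentions a file name; it is not a part header.
TEXT_PART = 'Content-Type: text/plain\n\nPlease do not open name="setup.exe"\n'
WITH_DISPOSITION = _sample([TEXT_PART,
    'Content-Type: application/octet-stream\n'
    'Content-Disposition: attachment; filename="report.txt.vbs"\n\nAAAA\n'])
TYPE_NAME_ONLY = _sample([
    'Content-Type: application/octet-stream; name="Setup.EXE"\n\nAAAA\n'])
HARMLESS = _sample([TEXT_PART,
    'Content-Type: text/plain; name="notes.txt"\n'
    'Content-Disposition: attachment; filename="notes.txt"\n\nhello\n'])

if __name__ == "__main__":
    for label, raw in (("disposition", WITH_DISPOSITION),
                       ("type only", TYPE_NAME_ONLY), ("harmless", HARMLESS)):
        print(label, blocked_attachments(raw))
```

Because only part headers are inspected, the `HARMLESS` sample, whose text body merely quotes a file name, produces no hit.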