# Exim filter
-## Version: 0.14
-# $Id: sysfilter.tmpl,v 1.1 2001/08/15 10:01:01 nigel Exp $
+## Version: 0.15
+# $Id: sysfilter.tmpl,v 1.3 2001/08/17 12:46:51 nigel Exp $
## Exim system filter to refuse potentially harmful payloads in
## mail messages
seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
-if $header_content-type: matches "(?:file)?name=(.+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))"
+if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))"
then
fail text "This message has been rejected because it has\n\
potentially executable content $1\n\
seen finish
endif
# same again using unquoted filename [body_unquoted_fn_match]
-if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(.+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))[\\\\s;]"
+if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))[\\\\s;]"
then
fail text "This message has been rejected because it has\n\
a potentially executable attachment $1\n\
# library files, cutting down on manual duplication.
# Changed \w in filename detection to . - dodges locale problems
# Explicit application of GPL after queries on license status
+# 0.15 17 August, 2001
+# Chnaged the . in filename detect to \S (stops it going mad)
#
#### Install Notes
#
# Exim filter
-## Version: 0.14
-# $Id: system_filter.exim,v 1.6 2001/08/15 10:02:33 nigel Exp $
+## Version: 0.15
+# $Id: system_filter.exim,v 1.7 2001/08/17 12:47:12 nigel Exp $
## Exim system filter to refuse potentially harmful payloads in
## mail messages
seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
-if $header_content-type: matches "(?:file)?name=(.+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))"
+if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))"
then
fail text "This message has been rejected because it has\n\
potentially executable content $1\n\
seen finish
endif
# same again using unquoted filename [body_unquoted_fn_match]
-if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(.+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))[\\\\s;]"
+if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))[\\\\s;]"
then
fail text "This message has been rejected because it has\n\
a potentially executable attachment $1\n\
# library files, cutting down on manual duplication.
# Changed \w in filename detection to . - dodges locale problems
# Explicit application of GPL after queries on license status
+# 0.15 17 August, 2001
+# Chnaged the . in filename detect to \S (stops it going mad)
#
#### Install Notes
#