fixed syntax
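--- a/system_filter.exim
+++ b/system_filter.exim
@@ -1,6 +1,6 @@
 # Exim filter
-## Version: 0.14
-# $Id: system_filter.exim,v 1.6 2001/08/15 10:02:33 nigel Exp $
+## Version: 0.17
+# $Id: sysfilter.tmpl,v 1.4 2001/09/19 10:19:42 nigel Exp $
 ## Exim system filter to refuse potentially harmful payloads in
 ## mail messages
@@ -80,7 +80,7 @@ endif
 ## -----------------------------------------------------------------------
 # Look for single part MIME messages with suspicious name extensions
 # Check Content-Type header using quoted filename [content_type_quoted_fn_match]
-if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif)\")"
+if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
 then
 fail text "This message has been rejected because it has\n\
 potentially executable content $1\n\
@@ -91,7 +91,7 @@ then
 seen finish
 endif
 # same again using unquoted filename [content_type_unquoted_fn_match]
-if $header_content-type: matches "(?:file)?name=(.+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))"
+if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
 then
 fail text "This message has been rejected because it has\n\
 potentially executable content $1\n\
@@ -108,7 +108,7 @@ endif
 # in emails. These were used as the basis for
 # the ILOVEYOU virus and its variants - many many varients
 # Quoted filename - [body_quoted_fn_match]
-if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif)\")[\\\\s;]"
+if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
 then
 fail text "This message has been rejected because it has\n\
 a potentially executable attachment $1\n\
@@ -119,7 +119,7 @@ then
 seen finish
 endif
 # same again using unquoted filename [body_unquoted_fn_match]
-if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(.+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))[\\\\s;]"
+if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
 then
 fail text "This message has been rejected because it has\n\
 a potentially executable attachment $1\n\
@@ -172,6 +172,12 @@ endif
 # library files, cutting down on manual duplication.
 # Changed \w in filename detection to . - dodges locale problems
 # Explicit application of GPL after queries on license status
+# 0.15 17 August, 2001
+# Changed the . in filename detect to \S (stops it going mad)
+# 0.16 19 September, 2001
+# Pile of new extensions including the eml in current use
+# 0.17 19 September, 2001
+# Syntax fix
 #
 #### Install Notes
 #
@@ -225,18 +231,32 @@ endif
 # (?:file)?name= # filename=/name=
 # |begin (?>\s+) [0-7]{3,4} (?>\s+)) # begin octal-mode
 # (\"[^\"]+\. # quoted filename.
-# (?:vb[se] # list of extns
-# |ws[fh]
-# |jse?
-# |exe
-# |com
+# (?:ad[ep] # list of extns
+# |ba[st]
+# |chm
 # |cmd
-# |shs
+# |com
+# |cpl
+# |crt
+# |eml
+# |exe
+# |hlp
 # |hta
-# |bat
-# |scr
+# |in[fs]
+# |isp
+# |jse?
 # |lnk
-# |pif)
+# |md[be]
+# |ms[cipt]
+# |pcd
+# |pif
+# |reg
+# |scr
+# |sct
+# |shs
+# |url
+# |vb[se]
+# |ws[fhc])
 # \" # end quote
 # ) # end of filename capture
 # [\s;] # trailing ;/space/newline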
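Review bot: The unquoted Content-Type check in the hunk at +91 has no terminator after the extension group, so it fires whenever any dot-separated component of the name merely begins with a listed extension; a constructed example is `name=notes.information.txt`, which matches on `.inf`. The much longer list added here (`com`, `in[fs]`, `url`, `reg`, `crt`, ...) makes such false rejections noticeably more likely than before. The two `$message_body` patterns already end in `[\\\\s;]` and the quoted header pattern is bounded by its closing quote, so the unquoted header pattern should get an equivalent boundary that also accepts end of header (with the end anchor escaped so the filter does not treat it as an expansion). It would also help to add a line to the annotated regexp comment at the end of the file saying which of the four patterns carry the trailing boundary.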