X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/63ece80539fa08b6b9ec6f6a1518a1ac7d8c3d17..f72f9157e9079eb1f3d04756ccbe4f13015c4711:/system_filter.exim diff --git a/system_filter.exim b/system_filter.exim index 18a4756..8dc8bb1 100644 --- a/system_filter.exim +++ b/system_filter.exim @@ -1,5 +1,6 @@ # Exim filter -## Version: 0.09 +## Version: 0.10 +# $Id$ ## If you haven't worked with exim filters before, read ## the install notes at the end of this file. @@ -35,21 +36,30 @@ then seen finish endif -# drop out error messages here -if error_message +# This is a nasty compromise. +# This crud is now being sent with a <> envelope sender, but +# blocking all error messages that pattern match prevents +# bounces getting back.... so we fudge it somewhat +if $header_from: contains "@sexyfun.net" then + fail text "This message has been rejected since it has\n\ + \tthe signature of a known virus in the header." + seen finish +endif +if error_message and $header_from: contains "Mailer-Daemon@" +then + # looks like a real error message - just ignore it finish endif # Look for single part MIME messages with suspicious name extensions # Check Content-Type header [vb2_regexp] -if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat|scr|pif)\"|[\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat|scr|pif))" +if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|bat|scr|pif)\"|[\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|bat|scr|pif))" then fail text "This message has been rejected because it has\n\ \ta potentially executable attachment $1\n\ \tThis form of attachment has been used by\n\ - \trecent viruses such as that described in\n\ - \thttp://www.fsecure.com/v-descs/love.htm\n\ + \trecent viruses or other malware.\n\ \tIf you meant to send this file then please\n\ \tpackage it up as a zip file and resend it." seen finish @@ -59,13 +69,12 @@ endif # in emails. These were used as the basis for # the ILOVEYOU virus and its variants # [vb_regexp] -if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat|scr|pif)\"|[\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat|scr|pif))[\\\\s;]" +if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|bat|scr|pif)\"|[\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|bat|scr|pif))[\\\\s;]" then fail text "This message has been rejected because it has\n\ \ta potentially executable attachment $1\n\ \tThis form of attachment has been used by\n\ - \trecent viruses such as that described in\n\ - \thttp://www.fsecure.com/v-descs/love.htm\n\ + \trecent viruses or other malware.\n\ \tIf you meant to send this file then please\n\ \tpackage it up as a zip file and resend it." seen finish @@ -91,6 +100,12 @@ endif # Changed trigger length to 80 chars, fixed some spelling # 0.09 29 September 2000 # More extensions... its getting so we should just allow 2 or 3 through +# 0.10 18 January 2001 +# Removed exclusion for error messages - this is a little nasty +# since it has other side effects, hence we do still exclude +# on unix like error messages +# 0.11 20 March, 2001 +# Added CMD extension, tidied docs slightly, added RCS tag # #### Install Notes # @@ -108,6 +123,13 @@ endif # message_filter = /etc/exim/system_filter.exim # message_body_visible = 5000 # +# You may also want to set the message_filter_user & message_filter_group +# options, but they default to the standard exim user and so can +# be left untouched. The other message_filter_* options are only +# needed if you modify this to do other functions such as deliveries. +# The main exim documentation is quite thorough and so I see no need +# to expand it here... +# # Any message that matches the filter will then be bounced. # If you wish you can change the error message by editing it # in the section above - however be careful you don't break it. @@ -141,6 +163,7 @@ endif # |jse? # |exe # |com +# |cmd # |shs # |bat # |scr @@ -152,6 +175,7 @@ endif # |jse? # |exe # |com +# |cmd # |shs # |bat # |scr