X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/c2e23e7ce94ea74b4387ecd7c03415a84dc58dab..4c51cef59384b27d3d397cc897118de32c4f7650:/filter/system_filter.exim diff --git a/filter/system_filter.exim b/filter/system_filter.exim index 0c54507..356ea86 100644 --- a/filter/system_filter.exim +++ b/filter/system_filter.exim @@ -1,6 +1,6 @@ # Exim filter -## Version: 0.15 -# $Id: sysfilter.tmpl,v 1.3 2001/08/17 12:46:51 nigel Exp $ +## Version: 0.16 +# $Id: sysfilter.tmpl,v 1.4 2001/09/19 10:19:42 nigel Exp $ ## Exim system filter to refuse potentially harmful payloads in ## mail messages @@ -80,7 +80,7 @@ endif ## ----------------------------------------------------------------------- # Look for single part MIME messages with suspicious name extensions # Check Content-Type header using quoted filename [content_type_quoted_fn_match] -if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif)\")" +if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif)|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")" then fail text "This message has been rejected because it has\n\ potentially executable content $1\n\ @@ -91,7 +91,7 @@ then seen finish endif # same again using unquoted filename [content_type_unquoted_fn_match] -if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))" +if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif)|reg|scr|sct|shs|url|vb[se]|ws[fhc]))" then fail text "This message has been rejected because it has\n\ potentially executable content $1\n\ 
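Review bot: The new extension alternation has a stray `)` after `pif` in the `content_type_quoted_fn_match` pattern, so the `(?:` group closes there, the capture group closes after `ws[fhc]`, and the final `)` is left unmatched. The same text is repeated in `content_type_unquoted_fn_match`, `body_quoted_fn_match` and `body_unquoted_fn_match`, and the explanatory comment at the end of the file (`# |pif)` followed later by `# |ws[fhc])`) carries the same extra parenthesis. PCRE should refuse to compile an unbalanced pattern, so these four tests would presumably raise a filter error instead of rejecting the newly listed extensions; how Exim then disposes of the message is not visible in this diff. Drop the parenthesis after `pif` so the list reads `...|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])` in all four patterns and in the comment, and run the file through `exim -bF` with a sample message before deploying it.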
@@ -108,7 +108,7 @@ endif # in emails. These were used as the basis for # the ILOVEYOU virus and its variants - many many varients # Quoted filename - [body_quoted_fn_match] -if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif)\")[\\\\s;]" +if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif)|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]" then fail text "This message has been rejected because it has\n\ a potentially executable attachment $1\n\ @@ -119,7 +119,7 @@ then seen finish endif # same again using unquoted filename [body_unquoted_fn_match] -if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif))[\\\\s;]" +if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif)|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]" then fail text "This message has been rejected because it has\n\ a potentially executable attachment $1\n\ 
@@ -173,7 +173,9 @@ endif # Changed \w in filename detection to . - dodges locale problems # Explicit application of GPL after queries on license status # 0.15 17 August, 2001 -# Chnaged the . in filename detect to \S (stops it going mad) +# Changed the . in filename detect to \S (stops it going mad) +# 0.16 19 September, 2001 +# Pile of new extensions including the eml in current use # #### Install Notes # @@ -227,18 +229,32 @@ endif # (?:file)?name= # filename=/name= # |begin (?>\s+) [0-7]{3,4} (?>\s+)) # begin octal-mode # (\"[^\"]+\. # quoted filename. -# (?:vb[se] # list of extns -# |ws[fh] -# |jse? -# |exe -# |com +# (?:ad[ep] # list of extns +# |ba[st] +# |chm # |cmd -# |shs +# |com +# |cpl +# |crt +# |eml +# |exe +# |hlp # |hta -# |bat -# |scr +# |in[fs] +# |isp +# |jse? # |lnk +# |md[be] +# |ms[cipt] +# |pcd # |pif) +# |reg +# |scr +# |sct +# |shs +# |url +# |vb[se] +# |ws[fhc]) # \" # end quote # ) # end of filename capture # [\s;] # trailing ;/space/newline