<dl>
<dt>
<b>
- <a href="ftp://ftp.cus.cam.ac.uk/pub/software/programs/exim/">
- ftp://ftp.cus.cam.ac.uk/pub/software/programs/exim/
+ <a href="ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/">
+ ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/
</a>
</b>
</dt>
<hr>
<address><a href="mailto:Postmaster@exim.org">Nigel Metheringham</a></address>
<!-- Created: Mon Aug 25 15:46:41 BST 1997 -->
- <h4>$Id: mirrors.html,v 1.10 2000/04/09 22:02:33 nigel Exp $</h4>
+ <h4>$Id: mirrors.html,v 1.1.1.1 2000/05/22 19:54:41 nigel Exp $</h4>
</body>
</html>
# Exim filter
-## Version: 0.08
+## Version: 0.09
## If you haven't worked with exim filters before, read
## the install notes at the end of this file.
# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header [vb2_regexp]
-if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat)\"|[\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat))"
+if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat|scr|pif)\"|[\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat|scr|pif))"
then
fail text "This message has been rejected because it has\n\
- \tan apparently executable attachment $1\n\
+ \ta potentially executable attachment $1\n\
\tThis form of attachment has been used by\n\
\trecent viruses such as that described in\n\
\thttp://www.fsecure.com/v-descs/love.htm\n\
# in emails. These were used as the basis for
# the ILOVEYOU virus and its variants
# [vb_regexp]
-if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat)\"|[\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat))[\\\\s;]"
+if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat|scr|pif)\"|[\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat|scr|pif))[\\\\s;]"
then
fail text "This message has been rejected because it has\n\
- \tan apparently executable attachment $1\n\
+ \ta potentially executable attachment $1\n\
\tThis form of attachment has been used by\n\
\trecent viruses such as that described in\n\
\thttp://www.fsecure.com/v-descs/love.htm\n\
# Latest MS Outhouse bug catching
# 0.08 19 July 2000
# Changed trigger length to 80 chars, fixed some spelling
+# 0.09 29 September 2000
+# More extensions... its getting so we should just allow 2 or 3 through
#
#### Install Notes
#
# |exe
# |com
# |shs
-# |bat)
+# |bat
+# |scr
+# |pif)
# \" # end quote
# |[\w.-]+\. # unquoted filename.ext
# (?:vb[se] # list of extns
# |exe
# |com
# |shs
-# |bat)
+# |bat
+# |scr
+# |pif)
# ) # end of filename capture
-# [\s;] # trailing ;/space/newline
+# [\s;] # trailing ;/space/newline
#
#
### [End]
git://git.exim.org / exim-website.git / commitdiff