From 63ece80539fa08b6b9ec6f6a1518a1ac7d8c3d17 Mon Sep 17 00:00:00 2001 From: nigel Date: Mon, 23 Oct 2000 13:44:37 +0000 Subject: [PATCH 1/1] fixed main location --- mirrors.html | 6 +++--- system_filter.exim | 22 ++++++++++++++-------- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/mirrors.html b/mirrors.html index 93846c5..3c62e4e 100644 --- a/mirrors.html +++ b/mirrors.html @@ -15,8 +15,8 @@
- - ftp://ftp.cus.cam.ac.uk/pub/software/programs/exim/ + + ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/
@@ -344,6 +344,6 @@
Nigel Metheringham
-

$Id: mirrors.html,v 1.10 2000/04/09 22:02:33 nigel Exp $

+

$Id: mirrors.html,v 1.1.1.1 2000/05/22 19:54:41 nigel Exp $

diff --git a/system_filter.exim b/system_filter.exim index 91f456e..18a4756 100644 --- a/system_filter.exim +++ b/system_filter.exim @@ -1,5 +1,5 @@ # Exim filter -## Version: 0.08 +## Version: 0.09 ## If you haven't worked with exim filters before, read ## the install notes at the end of this file. @@ -43,10 +43,10 @@ endif # Look for single part MIME messages with suspicious name extensions # Check Content-Type header [vb2_regexp] -if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat)\"|[\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat))" +if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat|scr|pif)\"|[\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat|scr|pif))" then fail text "This message has been rejected because it has\n\ - \tan apparently executable attachment $1\n\ + \ta potentially executable attachment $1\n\ \tThis form of attachment has been used by\n\ \trecent viruses such as that described in\n\ \thttp://www.fsecure.com/v-descs/love.htm\n\ @@ -59,10 +59,10 @@ endif # in emails. These were used as the basis for # the ILOVEYOU virus and its variants # [vb_regexp] -if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat)\"|[\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat))[\\\\s;]" +if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat|scr|pif)\"|[\\\\w.-]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|shs|bat|scr|pif))[\\\\s;]" then fail text "This message has been rejected because it has\n\ - \tan apparently executable attachment $1\n\ + \ta potentially executable attachment $1\n\ \tThis form of attachment has been used by\n\ \trecent viruses such as that described in\n\ \thttp://www.fsecure.com/v-descs/love.htm\n\ @@ -89,6 +89,8 @@ endif # Latest MS Outhouse bug catching # 0.08 19 July 2000 # Changed trigger length to 80 chars, fixed some spelling +# 0.09 29 September 2000 +# More extensions... its getting so we should just allow 2 or 3 through # #### Install Notes # @@ -140,7 +142,9 @@ endif # |exe # |com # |shs -# |bat) +# |bat +# |scr +# |pif) # \" # end quote # |[\w.-]+\. # unquoted filename.ext # (?:vb[se] # list of extns @@ -149,9 +153,11 @@ endif # |exe # |com # |shs -# |bat) +# |bat +# |scr +# |pif) # ) # end of filename capture -# [\s;] # trailing ;/space/newline +# [\s;] # trailing ;/space/newline # # ### [End] -- 2.30.2