From b40358cdb323181d74ec3b968408fd73353c8911 Mon Sep 17 00:00:00 2001
From: Nigel Metheringham
Date: Tue, 29 Mar 2005 21:08:58 +0000
Subject: [PATCH 1/1] Removed filter generating code - this should never be used now
---
filter/body_quoted_fn_match | 10 --
filter/body_unquoted_fn_match | 9 -
filter/content_type_header | 3 -
filter/content_type_quoted_fn_match | 9 -
filter/content_type_unquoted_fn_match | 8 -
filter/extension_regexp | 30 ----
filter/header_regexp | 10 --
filter/mkfilter.pl | 74 ---------
filter/process_re2filtermatch.pl | 50 ------
filter/sysfilter.tmpl | 228 --------------------------
filter/test_regexp.pl | 24 ---
filter/vb2_regexp | 21 ---
filter/vb_regexp | 34 ----
13 files changed, 510 deletions(-)
delete mode 100644 filter/body_quoted_fn_match
delete mode 100644 filter/body_unquoted_fn_match
delete mode 100644 filter/content_type_header
delete mode 100644 filter/content_type_quoted_fn_match
delete mode 100644 filter/content_type_unquoted_fn_match
delete mode 100644 filter/extension_regexp
delete mode 100644 filter/header_regexp
delete mode 100644 filter/mkfilter.pl
delete mode 100644 filter/process_re2filtermatch.pl
delete mode 100644 filter/sysfilter.tmpl
delete mode 100644 filter/test_regexp.pl
delete mode 100644 filter/vb2_regexp
delete mode 100644 filter/vb_regexp
diff --git a/filter/body_quoted_fn_match b/filter/body_quoted_fn_match
deleted file mode 100644
index dbef067..0000000
--- a/filter/body_quoted_fn_match
+++ /dev/null
@@ -1,10 +0,0 @@
-# $Id$
-#
-# Match a body attachment with quoted filename
-#
-#include header_regexp
- (\"[^\"]+\. # quoted filename.
-#include extension_regexp
- \" # end quote
- ) # end of filename capture
- [\s;] # trailing ;/space/newline
diff --git a/filter/body_unquoted_fn_match b/filter/body_unquoted_fn_match
deleted file mode 100644
index 7620499..0000000
--- a/filter/body_unquoted_fn_match
+++ /dev/null
@@ -1,9 +0,0 @@
-# $Id: body_unquoted_fn_match,v 1.2 2001/08/15 10:01:01 nigel Exp $
-#
-# Match a body attachment with unquoted filename
-#
-#include header_regexp
- (\S+\. # unquoted filename.ext
-#include extension_regexp
- ) # end of filename capture
- [\s;] # trailing ;/space/newline
diff --git a/filter/content_type_header b/filter/content_type_header
deleted file mode 100644
index 88a3d75..0000000
--- a/filter/content_type_header
+++ /dev/null
@@ -1,3 +0,0 @@
-# $Id$
-# Matches the header part
- (?:file)?name= # filename=/name=
diff --git a/filter/content_type_quoted_fn_match b/filter/content_type_quoted_fn_match
deleted file mode 100644
index f68fa55..0000000
--- a/filter/content_type_quoted_fn_match
+++ /dev/null
@@ -1,9 +0,0 @@
-# $Id$
-#
-# Match the content-type header with quoted filename
-#
-#include content_type_header
- (\"[^\"]+\. # quoted filename.
-#include extension_regexp
- \" # end quote
- ) # end of filename capture
diff --git a/filter/content_type_unquoted_fn_match b/filter/content_type_unquoted_fn_match
deleted file mode 100644
index 95115f6..0000000
--- a/filter/content_type_unquoted_fn_match
+++ /dev/null
@@ -1,8 +0,0 @@
-# $Id: content_type_unquoted_fn_match,v 1.2 2001/08/15 10:01:01 nigel Exp $
-#
-# Match the content-type header with quoted filename
-#
-#include content_type_header
- (\S+\. # unquoted filename.ext
-#include extension_regexp
- ) # end of filename capture
diff --git a/filter/extension_regexp b/filter/extension_regexp
deleted file mode 100644
index d20f470..0000000
--- a/filter/extension_regexp
+++ /dev/null
@@ -1,30 +0,0 @@
-# $Id: extension_regexp,v 1.3 2001/09/19 10:19:42 nigel Exp $
-# matches the list of extensions
-# uses non-capturing brackets
- (?:ad[ep] # list of extns
- |ba[st]
- |chm
- |cmd
- |com
- |cpl
- |crt
- |eml
- |exe
- |hlp
- |hta
- |in[fs]
- |isp
- |jse?
- |lnk
- |md[be]
- |ms[cipt]
- |pcd
- |pif
- |reg
- |scr
- |sct
- |shs
- |url
- |vb[se]
- |ws[fhc])
-# end
diff --git a/filter/header_regexp b/filter/header_regexp
deleted file mode 100644
index cf5161e..0000000
--- a/filter/header_regexp
+++ /dev/null
@@ -1,10 +0,0 @@
-# $Id$
-# Matches the header part
- (?:Content- # start of content header
- (?:Type: (?>\s*) # rest of c/t header
- [\w-]+/[\w-]+ # content-type (any)
- |Disposition: (?>\s*) # content-disposition hdr
- attachment) # content-disposition
- ;(?>\s*) # ; space or newline
- (?:file)?name= # filename=/name=
- |begin (?>\s+) [0-7]{3,4} (?>\s+)) # begin octal-mode
diff --git a/filter/mkfilter.pl b/filter/mkfilter.pl
deleted file mode 100644
index 41dbfbb..0000000
--- a/filter/mkfilter.pl
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/perl
-#
-use strict;
-use FileHandle;
-
-
-
-sub process_refile {
- my $fn = shift;
-
- my $re;
- print STDERR "Opening $fn\n";
- my $fh = FileHandle->new($fn, 'r') || die $!;
- while (<$fh>) {
- chomp();
- # process includes
- if (/^\#include\s/) {
- my($junk, $nfn) = split;
- $re .= process_refile($nfn);
- next;
- }
- # ignore comments starting at the begining of the line
- next if (/^\#/);
- # dispose of comments with their leading spaces
- s/\s+\#.*$//;
- # recode \" -> "
- s/\\\"/\"/g;
- # double all \ (twice)
- s/\\/\\\\/g;
- s/\\/\\\\/g;
- # escape " again
- s/\"/\\\"/g;
- # remove all space
- s/\s+//g;
- # add to re
- $re .= $_;
- }
- return $re;
-}
-
-
-
-sub process_recfile {
- my $fn = shift;
-
- my $re;
- print STDERR "Opening $fn\n";
- my $fh = FileHandle->new($fn, 'r') || die $!;
- while (<$fh>) {
- chomp();
- # process includes
- if (/^\#include\s/) {
- my($junk, $nfn) = split;
- $re .= process_recfile($nfn);
- next;
- }
- # skip comment only and blank lines
- next if (/^\#/);
- next if (/^\s*$/);
- $re .= "#\t$_\n";
- }
- return $re;
-}
-
-
-
-# main
-{
- while(<>) {
- s/\[\[([a-z0-9_]+)\]\]/process_refile($1)/ge;
- s/\[\<([a-z0-9_]+)\>\]/process_recfile($1)/ge;
- print;
- }
-}
diff --git a/filter/process_re2filtermatch.pl b/filter/process_re2filtermatch.pl
deleted file mode 100644
index 851a40f..0000000
--- a/filter/process_re2filtermatch.pl
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/perl
-#
-use strict;
-use FileHandle;
-
-
-
-sub process_file {
- my $fn = shift;
-
- my $re;
- print STDERR "Opening $fn\n";
- my $fh = FileHandle->new($fn, 'r') || die $!;
- while (<$fh>) {
- chomp();
- # process includes
- if (/^\#include\s/) {
- my($junk, $nfn) = split;
- $re .= process_file($nfn);
- next;
- }
- # ignore comments starting at the begining of the line
- next if (/^\#/);
- # dispose of comments with their leading spaces
- s/\s+\#.*$//;
- # recode \" -> "
- s/\\\"/\"/g;
- # double all \ (twice)
- s/\\/\\\\/g;
- s/\\/\\\\/g;
- # escape " again
- s/\"/\\\"/g;
- # remove all space
- s/\s+//g;
- # add to re
- $re .= $_;
- }
- return $re;
-}
-
-
-
-# main
-{
- my $re;
- while($_ = shift) {
- $re .= process_file($_);
- }
- print "\"$re\"\n";
-}
diff --git a/filter/sysfilter.tmpl b/filter/sysfilter.tmpl
deleted file mode 100644
index 8aacee8..0000000
--- a/filter/sysfilter.tmpl
+++ /dev/null
@@ -1,228 +0,0 @@
-# Exim filter
-## Version: 0.17
-# $Id: sysfilter.tmpl,v 1.4 2001/09/19 10:19:42 nigel Exp $
-
-## Exim system filter to refuse potentially harmful payloads in
-## mail messages
-## (c) 2000-2001 Nigel Metheringham
-##
-## This program is free software; you can redistribute it and/or modify
-## it under the terms of the GNU General Public License as published by
-## the Free Software Foundation; either version 2 of the License, or
-## (at your option) any later version.
-##
-## This program is distributed in the hope that it will be useful,
-## but WITHOUT ANY WARRANTY; without even the implied warranty of
-## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-## GNU General Public License for more details.
-##
-## You should have received a copy of the GNU General Public License
-## along with this program; if not, write to the Free Software
-## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-## -A copy of the GNU General Public License is distributed with exim itself
-
-## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-## If you haven't worked with exim filters before, read
-## the install notes at the end of this file.
-## The install notes are not a replacement for the exim documentation
-## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-
-
-## -----------------------------------------------------------------------
-# Only run any of this stuff on the first pass through the
-# filter - this is an optomisation for messages that get
-# queued and have several delivery attempts
-#
-# we express this in reverse so we can just bail out
-# on inappropriate messages
-#
-if not first_delivery
-then
- finish
-endif
-
-## -----------------------------------------------------------------------
-# Check for MS buffer overruns as per BUGTRAQ.
-# http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61
-# This could happen in error messages, hence its placing
-# here...
-# We substract the first n characters of the date header
-# and test if its the same as the date header... which
-# is a lousy way of checking if the date is longer than
-# n chars long
-if ${length_80:$header_date:} is not $header_date:
-then
- fail text "This message has been rejected because it has\n\
- an overlength date field which can be used\n\
- to subvert Microsoft mail programs\n\
- The following URL has further information\n\
- http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61"
- seen finish
-endif
-
-## -----------------------------------------------------------------------
-# These messages are now being sent with a <> envelope sender, but
-# blocking all error messages that pattern match prevents
-# bounces getting back.... so we fudge it somewhat and check for known
-# header signatures. Other bounces are allowed through.
-if $header_from: contains "@sexyfun.net"
-then
- fail text "This message has been rejected since it has\n\
- the signature of a known virus in the header."
- seen finish
-endif
-if error_message and $header_from: contains "Mailer-Daemon@"
-then
- # looks like a real error message - just ignore it
- finish
-endif
-
-## -----------------------------------------------------------------------
-# Look for single part MIME messages with suspicious name extensions
-# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
-if $header_content-type: matches "[[content_type_quoted_fn_match]]"
-then
- fail text "This message has been rejected because it has\n\
- potentially executable content $1\n\
- This form of attachment has been used by\n\
- recent viruses or other malware.\n\
- If you meant to send this file then please\n\
- package it up as a zip file and resend it."
- seen finish
-endif
-# same again using unquoted filename [content_type_unquoted_fn_match]
-if $header_content-type: matches "[[content_type_unquoted_fn_match]]"
-then
- fail text "This message has been rejected because it has\n\
- potentially executable content $1\n\
- This form of attachment has been used by\n\
- recent viruses or other malware.\n\
- If you meant to send this file then please\n\
- package it up as a zip file and resend it."
- seen finish
-endif
-
-
-## -----------------------------------------------------------------------
-# Attempt to catch embedded VBS attachments
-# in emails. These were used as the basis for
-# the ILOVEYOU virus and its variants - many many varients
-# Quoted filename - [body_quoted_fn_match]
-if $message_body matches "[[body_quoted_fn_match]]"
-then
- fail text "This message has been rejected because it has\n\
- a potentially executable attachment $1\n\
- This form of attachment has been used by\n\
- recent viruses or other malware.\n\
- If you meant to send this file then please\n\
- package it up as a zip file and resend it."
- seen finish
-endif
-# same again using unquoted filename [body_unquoted_fn_match]
-if $message_body matches "[[body_unquoted_fn_match]]"
-then
- fail text "This message has been rejected because it has\n\
- a potentially executable attachment $1\n\
- This form of attachment has been used by\n\
- recent viruses or other malware.\n\
- If you meant to send this file then please\n\
- package it up as a zip file and resend it."
- seen finish
-endif
-## -----------------------------------------------------------------------
-
-
-#### Version history
-#
-# 0.01 5 May 2000
-# Initial release
-# 0.02 8 May 2000
-# Widened list of content-types accepted, added WSF extension
-# 0.03 8 May 2000
-# Embedded the install notes in for those that don't do manuals
-# 0.04 9 May 2000
-# Check global content-type header.
Efficiency mods to REs
-# 0.05 9 May 2000
-# More minor efficiency mods, doc changes
-# 0.06 20 June 2000
-# Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan
-# 0.07 19 July 2000
-# Latest MS Outhouse bug catching
-# 0.08 19 July 2000
-# Changed trigger length to 80 chars, fixed some spelling
-# 0.09 29 September 2000
-# More extensions... its getting so we should just allow 2 or 3 through
-# 0.10 18 January 2001
-# Removed exclusion for error messages - this is a little nasty
-# since it has other side effects, hence we do still exclude
-# on unix like error messages
-# 0.11 20 March, 2001
-# Added CMD extension, tidied docs slightly, added RCS tag
-# ** Missed changing version number at top of file :-(
-# 0.12 10 May, 2001
-# Added HTA extension
-# 0.13 22 May, 2001
-# Reformatted regexps and code to build them so that they are
-# shorter than the limits on pre exim 3.20 filters. This will
-# make them significantly less efficient, but I am getting so
-# many queries about this that requiring 3.2x appears unsupportable.
-# 0.14 15 August,2001
-# Added .lnk extension - most requested item :-)
-# Reformatted everything so its now built from a set of short
-# library files, cutting down on manual duplication.
-# Changed \w in filename detection to . - dodges locale problems
-# Explicit application of GPL after queries on license status
-# 0.15 17 August, 2001
-# Changed the . in filename detect to \S (stops it going mad)
-# 0.16 19 September, 2001
-# Pile of new extensions including the eml in current use
-# 0.17 19 September, 2001
-# Syntax fix
-#
-#### Install Notes
-#
-# Exim filters run the exim filter language - a very primitive
-# scripting language - in place of a user .forward file, or on
-# a per system basis (on all messages passing through).
-# The filtering capability is documented in the main set of manuals
-# a copy of which can be found on the exim web site
-# http://www.exim.org/
-#
-# To install, copy the filter file (with appropriate permissions)
-# to /etc/exim/system_filter.exim and add to your exim config file
-# [location is installation depedant - typicaly /etc/exim/config ]
-# in the first section the line:-
-# message_filter = /etc/exim/system_filter.exim
-# message_body_visible = 5000
-#
-# You may also want to set the message_filter_user & message_filter_group
-# options, but they default to the standard exim user and so can
-# be left untouched. The other message_filter_* options are only
-# needed if you modify this to do other functions such as deliveries.
-# The main exim documentation is quite thorough and so I see no need
-# to expand it here...
-#
-# Any message that matches the filter will then be bounced.
-# If you wish you can change the error message by editing it
-# in the section above - however be careful you don't break it.
-#
-# After install exim should be restarted - a kill -HUP to the
-# daemon will do this.
-#
-#### LIMITATIONS
-#
-# This filter tries to parse MIME with a regexp... that doesn't
-# work too well. It will also only see the amount of the body
-# specified in message_body_visible
-#
-#### BASIS
-#
-# The regexp that is used to pickup MIME/uuencoded body parts with
-# quoted filenames is replicated below (in perl format).
-# You need to remember that exim converts newlines to spaces in
-# the message_body variable.
-#
-[]
-#
-#
-### [End]
diff --git a/filter/test_regexp.pl b/filter/test_regexp.pl
deleted file mode 100644
index b16d9fa..0000000
--- a/filter/test_regexp.pl
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/perl
-#
-# Test a regexp against a file (message)
-#
-use strict;
-use FileHandle;
-use Carp;
-
-my $refile = shift;
-my $infile = shift;
-
-my $rfh = FileHandle->new($refile, 'r')|| croak;
-my @relines = <$rfh>;
-grep(s/\s*\#.*$//, @relines);
-chomp(@relines);
-my $repat = join('', @relines);
-my $re = qr{$repat}ix;
-
-my $infh = FileHandle->new($infile, 'r')|| croak;
-my $in = join('', <$infh>);
-$in =~ tr/\r\n/ /;
-
-print "no " unless ($in =~ /$re/);
-print "match\n";
diff --git a/filter/vb2_regexp b/filter/vb2_regexp
deleted file mode 100644
index 24be5a7..0000000
--- a/filter/vb2_regexp
+++ /dev/null
@@ -1,21 +0,0 @@
- (?:file)?name= # filename=/name=
- (\"[^\"]+\. # quoted filename.
- (?:vb[se] # list of extns
- |ws[fh]
- |jse?
- |exe
- |com
- |shs
- |hta
- |bat)
- \" # end quote
- |[\w.-]+\. # unquoted filename.ext
- (?:vb[se] # list of extns
- |ws[fh]
- |jse?
- |exe
- |com
- |shs
- |hta
- |bat)
- ) # end of filename capture
diff --git a/filter/vb_regexp b/filter/vb_regexp
deleted file mode 100644
index d0630b2..0000000
--- a/filter/vb_regexp
+++ /dev/null
@@ -1,34 +0,0 @@
- (?:Content- # start of content header
- (?:Type: (?>\s*) # rest of c/t header
- [\w-]+/[\w-]+ # content-type (any)
- |Disposition: (?>\s*) # content-disposition hdr
- attachment) # content-disposition
- ;(?>\s*) # ; space or newline
- (?:file)?name= # filename=/name=
- |begin (?>\s+) [0-7]{3,4} (?>\s+)) # begin octal-mode
- (\"[^\"]+\. # quoted filename.
- (?:vb[se] # list of extns
- |ws[fh]
- |jse?
- |exe
- |com
- |cmd
- |shs
- |hta
- |bat
- |scr
- |pif)
- \" # end quote
- |[\w.-]+\. # unquoted filename.ext
- (?:vb[se] # list of extns
- |ws[fh]
- |jse?
- |exe
- |com
- |shs
- |hta
- |bat
- |scr
- |pif)
- ) # end of filename capture
- [\s;] # trailing ;/space/newline
--
2.30.2