[Mimedefang] odd filename
Joseph Brennan
brennan at columbia.edu
Wed Jul 2 14:23:00 EDT 2003
--On Wednesday, July 2, 2003 11:20 -0600 Lucas Albers <admin at cs.montana.edu> wrote:
> Joseph,
> Could you post the complete modifications you've made to check for bad
> filenames?
The version du jour follows. In sub filter($$$$) ...

    # Check for bad extensions ( filter_bad_filename() defined above )
    if (filter_bad_filename($entity)) {
        if ($type =~ /audio/) {
            md_log('bad_filename_rejected', $fname, $type);
            return action_bounce("Bad audio attachment");
        }
        elsif ($ext =~ /(pif)/) {
            md_log('bad_filename_commonvirus3', $fname, $type);
            return action_bounce("Bad attachment");
        }
        elsif ($fname =~/^\"\S+\.(pif|scr)$/) {
            md_log('bad_filename_commonvirus2', $fname, $type);
            return action_bounce("Bad attachment");
        }
        elsif ($Subject =~ /^(Worm Klez.E immunity|A.* .*game|W32.*removal tools)/) {
            md_log('bad_filename_commonvirus', $fname, $type);
            return action_bounce("Bad attachment");
        }
        else {
            md_log('bad_filename', $fname, $type);
            return action_replace_with_warning("$GeneralWarning\nAn attachment named $fname\nwas removed from this message as a possible security hazard.\n");
        }
    }

    # SobigE Active till July 14 2003
    if ($fname =~ /(your_details.zip|application.zip|document.zip|screensaver.zip|movie.zip)/) {
        md_log('bad_filename_commonvirus4', $fname, $type);
        return action_bounce("Bad attachment");
    }
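
An added example, not part of the original post: a stand-alone Perl script that runs the two filename patterns from the message over constructed filenames, next to an assumed tightened variant of the SobigE pattern (escaped dots, whole-name anchors, case-insensitive). The sample names, `$strict_sobig` and `classify()` are illustrative assumptions; no MIMEDefang functions are called.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Patterns exactly as posted in the message above.
my $posted_sobig  = qr/(your_details.zip|application.zip|document.zip|screensaver.zip|movie.zip)/;
my $posted_quoted = qr/^\"\S+\.(pif|scr)$/;

# Assumed tightening (not from the post): literal dots, whole-name anchors,
# case-insensitive match.
my $strict_sobig = qr/^(?:your_details|application|document|screensaver|movie)\.zip$/i;

# Constructed sample filenames, not taken from real mail.
my @samples = (
    'movie.zip',            # exact name from the posted list
    'Movie.ZIP',            # same name, different case
    'my_application.zip',   # posted pattern is unanchored
    'movie-zip.txt',        # unescaped "." matches any character
    '"resume.pif',          # leading quote, the "odd filename" case
    'notes.txt',            # benign control
);

# Report which of the three patterns match a given filename.
sub classify {
    my ($fname) = @_;
    my %result = (
        posted => ($fname =~ $posted_sobig)  ? 'hit' : '-',
        strict => ($fname =~ $strict_sobig)  ? 'hit' : '-',
        quoted => ($fname =~ $posted_quoted) ? 'hit' : '-',
    );
    return \%result;
}

printf "%-22s %-8s %-8s %-8s\n", 'filename', 'posted', 'strict', 'quoted';
for my $fname (@samples) {
    my $r = classify($fname);
    printf "%-22s %-8s %-8s %-8s\n", $fname, @{$r}{qw(posted strict quoted)};
}
```

Rows where the `posted` and `strict` columns differ show where the unanchored, case-sensitive pattern would bounce a legitimate attachment or miss a case variant.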