[Mimedefang] Selectively blocking .zip files

[Graham Dunn]

We send and receive a fair amount of .zip file containing file types in
the $bad_exts category. As such, I'm trying to come up with a simple
method to allow certain zip files through, while excluding the nasty
ones.

The first shot I've taken at this is getting people to add a prefix onto
their zip attachment (supersecretword in the example). It's sort of
cludgy, but is very simple to communicate and doesn't change the
workflow.

Does anyone have ideas about potential problems with this?

# This procedure returns true for entities with bad filenames.
sub filter_bad_filename ($) {
    my($entity) = @_;
    my($bad_exts, $re, $secret);

    # Tacking this on to the start of the zip name will let it through
    $secret = 'supersecretword';

    # Bad extensions
    $bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fx
p|hlp|hta|hto|inf|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|s
cr|sct|sh|shb|shs|sys|vb|vbe|vbs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{)';

    # Do not allow:
    # - CLSIDs  {foobarbaz}
    # - bad extensions (possibly with trailing dots) at end
    $re = '\.' . $bad_exts . '\.*$';

    return 1 if (re_match($entity, $re));

    # Look inside ZIP files unless the filename starts with our secret code
    if !(re_match($entity, '^$secret*\.zip$) and 
        (re_match($entity, '\.zip$') and                                        
        $Features{"Archive::Zip"}) {             
        my $bh = $entity->bodyhandle();
        if (defined($bh)) {
            my $path = $bh->path();
            if (defined($path)) {
                return re_match_in_zip_directory($path, $re);
            }
        }
    }
    return 0;
}