[Mimedefang] Fw: You`ve got 1 VoiceMessage!
Kevin A. McGrail
kmcgrail at pccc.com
Sat Jun 12 12:34:55 EDT 2004
We are seeing an influx of .pif files attached to emails today. Looks like
virii. Anyway, to combat this, we have added a small enhancement to
filter_bad_filename that I've discussed before:
# Really Bad extensions we never want
$bad_exts = '(pif|scr|bat\{[^\}]+\})';
$re = '\.' . $bad_exts . '\.*$';
return 2 if (re_match($entity, $re));
I have then implemented this feature with a simple change to the filter
where filter_bad_filename is called
if (filter_bad_filename($entity) == 2) {
md_graphdefang_log('really_bad_filename');
action_bounce("This file type not accepted here");
return action_discard();
} elsif (filter_bad_filename($entity)) {
...
}
Recommend this be added and comments on additional discussion about never
valid to email file extensions would be appreciated.
Regards,
KAM
> An attachment named link.voicemessage.com.listen.index.php1Ab2c.pif was
removed from this document as it
> constituted a security hazard. If you require this document, please
contact
> the sender and arrange an alternate means of receiving it.
More information about the MIMEDefang
mailing list