[Mimedefang] Fw: You`ve got 1 VoiceMessage!

[Kevin A. McGrail]

We are seeing an influx of .pif files attached to emails today.  Looks like
virii.  Anyway, to combat this, we have added a small enhancement to
filter_bad_filename that I've discussed before:

# Really Bad extensions we never want
    $bad_exts = '(pif|scr|bat\{[^\}]+\})';
    $re = '\.' . $bad_exts . '\.*$';
    return 2 if (re_match($entity, $re));

I have then implemented this feature with a simple change to the filter
where filter_bad_filename is called

if (filter_bad_filename($entity) == 2) {
        md_graphdefang_log('really_bad_filename');
        action_bounce("This file type not accepted here");
        return action_discard();
    } elsif (filter_bad_filename($entity)) {
...
}

Recommend this be added and comments on additional discussion about never
valid to email file extensions would be appreciated.

Regards,
KAM



> An attachment named link.voicemessage.com.listen.index.php1Ab2c.pif was
removed from this document as it
> constituted a security hazard.  If you require this document, please
contact
> the sender and arrange an alternate means of receiving it.