[Mimedefang] filename matching in filter_bad_filename

Graham Dunn gdunn at inscriber.com
Mon Jun 14 15:29:18 EDT 2004


On Fri, Jun 11, 2004 at 02:17:23PM -0400, David F. Skoll wrote:
> On Fri, 11 Jun 2004, Graham Dunn wrote:
> 
> >     $secret = '^itc*\.zip$';
> 
> That regexp will match:
> 
> it.zip
> itc.zip
> itcc.zip
> itccc.zip
> etc..
> 
> You almost certainly meant to write:
> 
> $secret = '^itc.*\.zip$';

OK, even with this in there, I'm still hitting the code that checks for
bad zips.

    # Attachments matching this regexp will go through
    $secret = '^itc.*\.zip$';

    # Bad extensions
    $bad_exts =
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fx
p|hlp|hta|hto|inf|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|s
cr|sct|sh|shb|shs|sys|vb|vbe|vbs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{)';

    # Do not allow:
    # - CLSIDs  {foobarbaz}
    # - bad extensions (possibly with trailing dots) at end
    $re = '\.' . $bad_exts . '\.*$';

    return 1 if (re_match($entity, $re));

    return 0 if (re_match($entity, $secret));

    # Look inside ZIP files
    if  ((re_match($entity, '\.zip$')) and
        $Features{"Archive::Zip"}) {
         my $bh = $entity->bodyhandle();
          if (defined($bh)) {
            my $path = $bh->path();
            if (defined($path)) {
                return re_match_in_zip_directory($path, $re);
            }
          }
        }
    return 0;




I'm guessing there's something wrong with the way I've written this. Is
the "return 0 if (re_match($entity, $secret));" line ok?

Graham



More information about the MIMEDefang mailing list