[Mimedefang] filename matching in filter_bad_filename
Graham Dunn
gdunn at inscriber.com
Mon Jun 14 15:29:18 EDT 2004
On Fri, Jun 11, 2004 at 02:17:23PM -0400, David F. Skoll wrote:
> On Fri, 11 Jun 2004, Graham Dunn wrote:
>
> > $secret = '^itc*\.zip$';
>
> That regexp will match:
>
> it.zip
> itc.zip
> itcc.zip
> itccc.zip
> etc..
>
> You almost certainly meant to write:
>
> $secret = '^itc.*\.zip$';
OK, even with this in there, I'm still hitting the code that checks for
bad zips.
# Attachments matching this regexp will go through
$secret = '^itc.*\.zip$';
# Bad extensions
$bad_exts =
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fx
p|hlp|hta|hto|inf|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|s
cr|sct|sh|shb|shs|sys|vb|vbe|vbs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{)';
# Do not allow:
# - CLSIDs {foobarbaz}
# - bad extensions (possibly with trailing dots) at end
$re = '\.' . $bad_exts . '\.*$';
return 1 if (re_match($entity, $re));
return 0 if (re_match($entity, $secret));
# Look inside ZIP files
if ((re_match($entity, '\.zip$')) and
$Features{"Archive::Zip"}) {
my $bh = $entity->bodyhandle();
if (defined($bh)) {
my $path = $bh->path();
if (defined($path)) {
return re_match_in_zip_directory($path, $re);
}
}
}
return 0;
I'm guessing there's something wrong with the way I've written this. Is
the "return 0 if (re_match($entity, $secret));" line ok?
Graham
More information about the MIMEDefang
mailing list