[Mimedefang] How can I block based on file name - not extension

Mark Penkower mark at roycenet.com
Thu Jun 24 08:52:28 EDT 2004


I use the stock code to block certain types of extensions:

# This procedure returns true for entities with bad filenames.
sub filter_bad_filename ($) {
    my($entity) = @_;
    my($bad_exts, $re);
    # Bad extensions; the last alternative matches CLSIDs
    $bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jar|js|jse|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|rar|reg|scr|sct|sh|shb|shs|sys|vb|vbe|vbs|vxd|wmd|wms|wsc|wsf|wsh|zls|\{[^\}]+\})';
    # Do not allow:
    # - CLSIDs {foobarbaz}
    # - bad extensions (possibly with trailing dots) at end
    $re = '\.' . $bad_exts . '\.*$';
    return re_match($entity, $re);
}


This works great. I do not want to add zip to the banned list, as zipped files are often sent with a legitimate purpose; however, I do want to ban certain zip files, as they are usually associated with viruses. For example, I want to bounce any emails with the attachment information.zip. I would also like to return a different bounce message for this file. The bounce message for bad extensions is here:


if (filter_bad_filename($entity)) {
    md_graphdefang_log('bad_filename', $fname, $type);
    action_bounce("We are not acepting attachments of this type");
}

What can I add to this filter to accomplish this?



Thanks



Mark Penkower
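
An added example, not part of the original post and not MIMEDefang's own code: one way to test for an exact attachment name before the extension test, so each case can carry its own bounce text. The sub name classify_attachment, the name list, the shortened extension list and the second bounce message are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical list of exact attachment names to reject (lower case).
# Only information.zip comes from the post.
my %bad_names = map { $_ => 1 } qw(information.zip);

# Shortened extension list for the example; the full list would go here.
my $bad_exts = '(bat|cmd|com|exe|pif|scr|vbs|\{[^\}]+\})';

# Returns (reason, bounce text) for a rejected name, or an empty list.
sub classify_attachment {
    my ($name) = @_;
    return unless defined $name && length $name;

    # Normalise: drop any path component, trailing dots/spaces and case,
    # so "C:\tmp\Information.ZIP." is treated like "information.zip".
    (my $base = lc $name) =~ s{^.*[\\/]}{};
    $base =~ s/[.\s]+$//;

    # Exact-name test first, so it gets its own message.
    return ('bad_name', "We are not accepting attachments named $base")
        if $bad_names{$base};

    # Then the extension test, as in the filter quoted above.
    return ('bad_filename', 'We are not accepting attachments of this type')
        if $base =~ /\.${bad_exts}\z/;

    return;
}

# Constructed sample names, not taken from real mail.
for my $name ('information.zip', 'Information.ZIP.', 'report.zip',
              'setup.exe', 'notes.txt') {
    my ($reason, $text) = classify_attachment($name);
    printf "%-18s %s\n", $name,
        defined $reason ? "$reason: $text" : 'accepted';
}
```

Inside a filter, the name passed in would be the $fname already used in the logging call above, and the returned text would be handed to action_bounce.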


