[Mimedefang] How can I block based on file name - not extension
Mark Penkower
mark at roycenet.com
Thu Jun 24 08:52:28 EDT 2004
I use the stock code to block certain types of extensions:
# This procedure returns true for entities with bad filenames.
sub filter_bad_filename ($) {
my($entity) = @_;
my($bad_exts, $re);
# Bad extensions
$bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp||jar|js|jse|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|rar|reg|scr|sct|sh|shb|shs|sys|vb|vbe|vbs|vxd|wmd|wms|wsc|wsf|wsh|zls\{[^\}]+\})';
# Do not allow:
# - CLSIDs {foobarbaz}
# - bad extensions (possibly with trailing dots) at end
$re = '\.' . $bad_exts . '$';
return re_match($entity, $re);
}
This works great. I do not want to add zip to the banned lists, as zipped files are often sent with a legitimate purpose, however, I do want to ban certain zip files as they are usually associated with viruses. For exapmle, I want to bounce any emails with the attachment - information.zip. I would also like to return a different bounce meassage for this file. The bounce messgae for bad extensions is here:
if (filter_bad_filename($entity)) {
md_graphdefang_log('bad_filename', $fname, $type);
action_bounce("We are not acepting attachments of this type");
What can I add to this filter to accomplish this?
Thanks
Mark Penkower
More information about the MIMEDefang
mailing list