[Mimedefang] survey: dropping password protected file
Brett Simpson
simpsonb at hillsboroughcounty.org
Mon Mar 8 15:03:42 EST 2004
On Thursday 04 March 2004 11:10 am, David F. Skoll wrote:
> On Thu, 4 Mar 2004, Brett Simpson wrote:
> > For example if someone renames a .zip to .txt then MimeDefang could
> > identify that it was renamed, by checking "the magic", and taking action.
>
> Dave O'Neill pointed out that zip files, .jar files, and OpenOffice files
> all have the same "magic", because they're all zip files under the hood.
Instead of checking the magic on blocked file extentions how about checking
the non blocked extentions.
$file_exts = '(txt|\{)';
if (lc($ext) =~ $file_exts) {
my $file_path2 = $entity->bodyhandle->path;
if (`file -i $file_path2` =~ /application\/x-dosexec/) {
md_graphdefang_log('Renamedfile', $file, $RelayAddr);
# drop it
action_discard();
return;
}
}
or
$file_exts = '(txt|\{)';
if (lc($ext) =~ $file_exts) {
my $file_path2 = $entity->bodyhandle->path;
if (`file -i $file_path2` !~ /text\/plain/) {
md_graphdefang_log('Renamedfile', $file, $RelayAddr);
# drop it
action_discard();
return;
}
}
Brett
More information about the MIMEDefang
mailing list