[Mimedefang] files with leading dots getting past $bad_exts
Alan Lehman
alehman at gbutler.com
Sun May 16 12:31:52 EDT 2004
Running MD2.42, clamd and uvscan. mimedefang-filter is pretty much the
default, including $bad_exts.
File names beginning with a dot, (e.g. .xx.pif) get through. I have the
following in mimedefang-filter.
Any ideas?
Thanks,
Alan Lehman
sub filter_bad_filename ($) {
my($entity) = @_;
my($bad_exts, $re);
$bad_exts =
'(rar|ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh\{[^\}]+\})';
# Do not allow:
# - CLSIDs {foobarbaz}
# - bad extensions (possibly with trailing dots) at end
$re = '\.' . $bad_exts . '\.*$';
return 1 if (re_match($entity, $re));
# Look inside ZIP files
if (re_match($entity, '\.zip$') and
$Features{"Archive::Zip"}) {
my $bh = $entity->bodyhandle();
if (defined($bh)) {
my $path = $bh->path();
if (defined($path)) {
return re_match_in_zip_directory($path, $re);
}
}
}
More information about the MIMEDefang
mailing list