[Mimedefang] quarantine bad_filename messages
Marcus Schopen
lists at localguru.de
Tue Sep 9 06:12:03 EDT 2014
Hi,
I'd like to use "action_quarantine_entire_message" for messages
containing attachments with bad_filename, but not sure where to place
the quarantine command. Is "sub filter_bad_filename" the right place?
Something like this?
------------
# This procedure returns true for entities with bad filenames.
sub filter_bad_filename {
my($entity) = @_;
my($bad_exts, $re);
$bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|
dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|
msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|
vxd|wmd|wms|wmz|wsc|wsf|wsh|
\{[^\}]+\})';
# Do not allow:
# - CLSIDs {foobarbaz}
# - bad extensions (possibly with trailing dots) at end
$re = '\.' . $bad_exts . '\.*$';
# quarantine message
if (re_match($entity, $re)) {
action_quarantine_entire_message("bad_filename queueid=
$QueueID,relayaddr=$RelayAddr,name=bad_filename");
};
return 1 if (re_match($entity, $re));
# Look inside ZIP files
if (re_match($entity, '\.zip$') and
$Features{"Archive::Zip"}) {
my $bh = $entity->bodyhandle();
if (defined($bh)) {
my $path = $bh->path();
if (defined($path)) {
return re_match_in_zip_directory($path, $re);
}
}
}
return 0;
}
------------
Ciao!
More information about the MIMEDefang
mailing list