[Mimedefang] Removing attachments with special encoding in filename
James Freeman
james at quru.com
Wed Jun 20 13:57:17 EDT 2018
Hi all,
Just joined the mailing list as I've installed mimedefang today and am
just getting to grips with it. So far all is working well - ClamAV
integration is working well, as is SpamAssassin. I am using the template
config provided with the RPM on EPEL, with just a few minor tweaks to
enable ClamAV support, and add to the Subject line when SPAM is detected.
I have one query about blocked attachments. I've been running this test
suite: https://www.emailsecuritycheck.net/index.html
This sends a set of 7 e-mails which have various reasons they should be
filtered. The first 3 pass absolutely fine, but the remaining 4 all slip
through the net. They seem to rely on doing things like special
character encoding in the filename - for example:
Content-Type: application/x-msdownload;
name="=??Q?attached.bat?="
Content-Disposition: attachment;
filename="attached.bat"
Or even putting the attachment inline with the message.
I've been playing with the filter definitions but so far I am struggling
to find a way to excluded these files and have the attachments removed.
Is there a good way to deal with these kinds of tricks in e-mails with
attachments, or a template filter config I can borrow from?
Thank you in advance,
James
--
QURU Ltd
More information about the MIMEDefang
mailing list