The regexp you provided should work in blocking any filename.tmp.exe. The 
attachment has to follow that exact naming pattern, i.e. it must be *.tmp.exe. 
It will not match any other variation. This one should work too:

(tmp){1,}.*(exe){1,}





From: Indunil Jayasooriya [mailto:[email protected]]
Sent: Thursday, March 17, 2016 4:25 AM
To: Dino Edwards <[email protected]>
Cc: [email protected]
Subject: Re: block a particular double extension files in amavisd.conf



On Thu, Mar 17, 2016 at 1:46 PM, Dino Edwards <[email protected]> wrote:
While users surf the Internet? So, not coming through e-mail?

Your point is OK. But I am afraid that an attacker sends emails to our 
domain with those attachments; I want my mail filter to block it.
I want to take an action for it in the future.

Comments?


From: amavis-users [mailto:amavis-users-bounces+dino.edwards[email protected]] On Behalf Of Indunil Jayasooriya
Sent: Thursday, March 17, 2016 1:10 AM
To: [email protected]
Subject: block a particular double extension files in amavisd.conf

Hi,
I want to block files having double extensions. While users surf the Internet, 
some files such as e7ea.tmp.exe will be automatically downloaded.

e7ea.tmp.exe is ransomware. Attackers can send mails with files of these 
types as well.
Now, I want to block files having a double extension, such as the 
filenames.tmp.exe format.

I think the regex below is OK to insert into the amavisd.conf file.

qr'.\.(tmp)\.exe$'i,   # block this double extension
Any comments?


--
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala Fonts
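
Added example, not part of the original thread: a way to check both posted patterns against attachment names before putting either into amavisd.conf. Python's `re` module stands in for Perl's regex engine, both patterns are assumed to be wrapped as `qr'...'i` and matched unanchored, and every sample name except e7ea.tmp.exe is constructed.

```python
import re

# Patterns as posted in the thread. Assumption: each is used as qr'...'i,
# so both are compiled case-insensitively; Python's `re` behaves the same
# as Perl for these simple constructs.
POSTED = {
    "anchored": re.compile(r".\.(tmp)\.exe$", re.IGNORECASE),
    "loose": re.compile(r"(tmp){1,}.*(exe){1,}", re.IGNORECASE),
}

# (attachment name, should it be blocked under the stated goal "*.tmp.exe"?)
# Constructed samples; only e7ea.tmp.exe is taken from the thread.
SAMPLES = [
    ("e7ea.tmp.exe", True),
    ("E7EA.TMP.EXE", True),
    ("invoice.tmp.exe", True),
    ("setup.exe", False),
    ("notes.tmp", False),
    ("tmp_executive_summary.pdf", False),
    ("report.tmp.exe.txt", False),
]


def audit(patterns=POSTED, samples=SAMPLES):
    """Return, per pattern, the names it misses and the names it overblocks."""
    report = {}
    for label, rx in patterns.items():
        missed, overblocked = [], []
        for name, should_block in samples:
            # Assumption: the filter applies the pattern unanchored,
            # like Perl's =~, hence search() and not fullmatch().
            hit = rx.search(name) is not None
            if should_block and not hit:
                missed.append(name)
            elif hit and not should_block:
                overblocked.append(name)
        report[label] = {"missed": missed, "overblocked": overblocked}
    return report


if __name__ == "__main__":
    for label, result in audit().items():
        print(f"{label:9} missed={result['missed']} "
              f"overblocked={result['overblocked']}")
```

Legitimate names from your own mail flow can be appended to `SAMPLES` with `False` to see whether a candidate pattern would reject them.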


