A big thank you for this!
On Thu, Oct 19, 2017 at 9:23 AM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
> >zip:*@encr.ourdomain.org => good-out => .*|crypt\-zip
>
> yes
>
>
> >exe\-bin|:MSOM|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|
> bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|
> isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|
> pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|
> wms|wsc|wsh|rar|dotm|xlsm|(exe\-bin|:MSOM|url|ade|adp|
> asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|
> dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|
> mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|
> sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|xlsm).zip
>
>
> - :MSOM should be defined only one time
> - (....).zip makes IMHO no sense - but if used, it should be defined as
> (...)\.zip
>
> same here
> ~~StdBlockRule => block ~StdBlockExts|(~StdBlockExts).zip
> ~~StdBlockRule => block ~StdBlockExts|(~StdBlockExts)\.zip
>
> notice: brackets used with templates will not work in the current build! -
> the next release will support this
> notice: a bug in the current version causes errors, if uppercase letters
> are used in the template or rule names - the next release will fix this
>
> >zip:* => block => ~StdBlockExts|--bin <-- is that the right way to
> have an exception for bin files inside of a zip?
>
> yes
>
> >j...@ourdomain.com => block => ~StdBlockExts|:MSOM <-- adding an :MSOM
> exception, correct syntax?
>
> yes
>
> >j...@ourdomain.com => ~~StdBlockRule|:MSOM <-- exception to a RULE?
> does that work?
>
> no, the definition where :MSOM should be used is missing
>
> j...@ourdomain.com => ~~StdBlockRule|block => :MSOM
> would be right
>
> >zip:*@encr.ourdomain.org => good-out => .*|crypt\-zip
>
> yes
>
> >jspdfsen...@externaldomain.com => ~~StdBlockRule|:JSPDF <-- does this
> work??
>
> no - see above
>
> > ?? would I need to set a good rule here or something instead? I'm
> worried that the *@* line, which I didn't have before trying the templates,
> will still be matched for the recipient and still block jspdf
>
> If a "good" rule is defined, the attachment has to match. If a "good" rule
> is not defined, the attachment will not be checked for "good".
>
> *@* matches every recipient and sender - and will be used, if there is
> no more exact match found
> *@* => ~~StdBlockRule
> will block for all senders and recipients according to the StdBlockRule
> (if nothing better is found)
> remember - the rule found for the recipient and the sender will be
> combined at runtime!!!
>
>
> if you want a setup for your local domains only, you may use
>
> *@ld1.com|*@ld2.com|*@ld3.com => .....
>
> Thomas
>
>
>
>
>
>
> From: "K Post" <nntp.p...@gmail.com>
> To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
> Date: 18.10.2017 17:56
> Subject: [Assp-test] UserAttach template review request
> ------------------------------
>
>
>
>
> I'm having an issue with certain very annoying outside vendors sending pdf
> files with javascript in them. I need to put in exceptions for these
> senders, so I figured now might be a good time to implement templates in
> UserAttach.
>
> I'd appreciate a quick review of my plan to make sure that I've got the
> logic correct. There's some nuance that I'm not sure I've got right, like
> excepting MSOM from a rule that includes a template that includes exe\-bin
>
> Here's what I am doing now without templates.
> In general, for all users, I want to block, in both directions:
> exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|
> cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|
> jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|
> prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|
> wsh|rar|dotm|docm|xlsm|pptm
>
> and any of those extensions with a .zip on the end
> and any zip file that contains any of those extensions
> and any encrypted zip
>
> This works fine with my current setup. Individual exceptions are a pain,
> since I need to edit them all any time I make an extension change. (see
> the john example below). Thomas saves the day with Templates and rules!!
>
>
> The current non-template solution involves:
> Level 1 as
> exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|
> cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|
> jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|
> prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|
> wsh|rar|dotm|docm|xlsm|pptm
>
> Level 2 as
> (exe\-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|
> cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|
> jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|
> prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|
> wsh|rar|dotm|docm|xlsm|pptm).zip
>
> everyone is set to Level 2
>
> In UserAttach I have:
>
> # look in zips for these bad files too
> # bin type removed to allow formatted excel with printer settings through
> zip:* => block => exe\-bin|url|ade|adp|asx|bas|
> bat|dot|dotx|xlt|xlts|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|
> hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|
> msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|
> vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm
>
> # for al...@ourdomain.org and monitor@, special alert mailboxes, allow any type of file through
> # also need to put them in noscan config so javascript isn't stripped
> al...@ourdomain.org => good => .*
> moni...@ourdomain.org => good => .*
>
> # john gets MSOM exception to allow a bunch of annoying vendors to email
> attachments with them
> j...@ourdomain.org => block =>
> exe\-bin|:MSOM|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|
> bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|
> isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|
> pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|
> wms|wsc|wsh|rar|dotm|xlsm|(exe\-bin|:MSOM|url|ade|adp|
> asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|
> dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|
> mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|
> sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|xlsm).zip
>
> # anyone in the encr.ourdomain.org subdomain needs to be able to send encrypted zips
> # * says anything in a zip, crypt-zip says encrypted okay
> zip:*@encr.ourdomain.org => good-out => .*|crypt\-zip
>
>
> I'm planning to replace the above UserAttach with:
>
> # Template for all of our bad extensions
> ~StdBlockExts => exe\-bin|url|ade|adp|asx|bas|
> bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|
> hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|
> msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|
> shs|vb|vbe|vbs|vba|wms|wsc|wsh|rar|dotm|docm|xlsm|pptm
>
> # Rule that blocks bad extensions and zip files with the bad exts inside
> ~~StdBlockRule => block ~StdBlockExts|(~StdBlockExts).zip
>
> # all users by default have the StdBlockRuleApplied
> # this would be overridden by a longer user part of the definition
> # longest userpart wins. NO inheritance
> *@* => ~~StdBlockRule
>
> # for all users look inside zips for these bad files too
> # bin type is here removed to allow formatted excel with printer settings
> through which are in bin files inside of zips
> zip:* => block => ~StdBlockExts|--bin <-- is that the right way to
> have an exception for bin files inside of a zip?
>
> # for al...@ourdomain.org and monitor@, special alert mailboxes, allow any type of file through
> # also need to put them in noscan config so javascript isn't stripped
> al...@ourdomain.org => good => .*
> moni...@ourdomain.org => good => .*
>
> # john gets MSOM exception to allow office macros through
> j...@ourdomain.com => block => ~StdBlockExts|:MSOM <-- adding an :MSOM
> exception, correct syntax?
>
> or could I do
> j...@ourdomain.com => ~~StdBlockRule|:MSOM <-- exception to a RULE?
> does that work?
>
>
> # our users in the @encr.ourdomain.org subdomain need to be able to send encrypted zips
> # * says anything in a zip,
> # special definition crypt-zip says encrypted okay
> zip:*@encr.ourdomain.org => good-out => .*|crypt\-zip
>
> jspdfsen...@externaldomain.com => ~~StdBlockRule|:JSPDF <-- does this
> work??
> ?? would I need to set a good rule here or something instead? I'm
> worried that the *@* line, which I didn't have before trying the templates,
> will still be matched for the recipient and still block jspdf
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
>
>
>
>
>
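
The syntax points raised in the quoted reply (a special token defined more than once, an unescaped dot before `zip`, brackets around a template, uppercase template or rule names, and a token attached to a rule without its `block`/`good` definition) can be checked mechanically before a UserAttach list is loaded. The Python linter below is an added example, not part of the thread and not ASSP code; the sample entries, `user@example.org`, and the one-entry-per-line parsing are assumptions.

```python
import re

# Constructed entries modelled on the thread; the address is a placeholder.
SAMPLE = r"""
~StdBlockExts => exe\-bin|js|vbs
~~StdBlockRule => block ~StdBlockExts|(~StdBlockExts).zip
user@example.org => block => exe\-bin|:MSOM|js|(exe\-bin|:MSOM|js).zip
user@example.org => ~~StdBlockRule|:MSOM
~stdblockexts => exe\-bin|js|vbs
user@example.org => block => ~stdblockexts|:MSOM
"""

def lint_userattach(text):
    """Return (line_no, code, detail) for each problem named in the reply."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # An unescaped dot is a regex wildcard: "(js).zip" also matches "jsXzip".
        if re.search(r"(?<!\\)\.zip\b", line):
            out.append((no, "unescaped-dot", r"write \.zip"))
        # A special token such as :MSOM should appear only once per entry.
        tokens = re.findall(r"[|\s(]:([A-Z]+)\b", line)
        for tok in sorted(set(tokens)):
            if tokens.count(tok) > 1:
                out.append((no, "duplicate-token", ":" + tok))
        # Per the reply, brackets around a template do not work in the current build.
        if re.search(r"\([^()]*~\w+[^()]*\)", line):
            out.append((no, "template-in-brackets", "needs the next release"))
        # Per the reply, uppercase template or rule names trigger a bug in that build.
        for name in sorted(set(re.findall(r"~{1,2}(\w+)", line))):
            if name != name.lower():
                out.append((no, "uppercase-name", name))
        # "~~rule|:TOKEN" lacks the block/good definition the token applies to.
        if re.search(r"~~\w+\|:[A-Z]+", line):
            out.append((no, "missing-definition", "use ~~rule|block => :TOKEN"))
    return out

if __name__ == "__main__":
    for finding in lint_userattach(SAMPLE):
        print(*finding)
```
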