Thanks I created my own script from your example and from a list of potential dangerous attachments from Microsoft
I've included the URL for anyone who is interested. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xpreski t/html/outg03.asp I first check if there are any attachments (i.e. Content-Type * boundary) before checking for the type of attachment. Any suggestions for improvements would be appreciated. if(/Content-Type:.*boundary/) { if (/.*name=.*\.adp\"/:b \ || /.*name=.*\.adp\"/:b \ || /.*name=.*\.asx\"/:b \ || /.*name=.*\.bas\"/:b \ || /.*name=.*\.bat\"/:b \ || /.*name=.*\.chm\"/:b \ || /.*name=.*\.cmd\"/:b \ || /.*name=.*\.com\"/:b \ || /.*name=.*\.cpl\"/:b \ || /.*name=.*\.crt\"/:b \ || /.*name=.*\.exe\"/:b \ || /.*name=.*\.hlp\"/:b \ || /.*name=.*\.hta\"/:b \ || /.*name=.*\.inf\"/:b \ || /.*name=.*\.ins\"/:b \ || /.*name=.*\.isp\"/:b \ || /.*name=.*\.js\"/:b \ || /.*name=.*\.jse\"/:b \ || /.*name=.*\.lnk\"/:b \ || /.*name=.*\.mda\"/:b \ || /.*name=.*\.mdb\"/:b \ || /.*name=.*\.mde\"/:b \ || /.*name=.*\.mdz\"/:b \ || /.*name=.*\.msc\"/:b \ || /.*name=.*\.msi\"/:b \ || /.*name=.*\.msp\"/:b \ || /.*name=.*\.mst\"/:b \ || /.*name=.*\.pcd\"/:b \ || /.*name=.*\.pif\"/:b \ || /.*name=.*\.prf\"/:b \ || /.*name=.*\.reg\"/:b \ || /.*name=.*\.scf\"/:b \ || /.*name=.*\.scr\"/:b \ || /.*name=.*\.sct\"/:b \ || /.*name=.*\.shb\"/:b \ || /.*name=.*\.shs\"/:b \ || /.*name=.*\.url\"/:b \ || /.*name=.*\.vb\"/:b \ || /.*name=.*\.vbe\"/:b \ || /.*name=.*\.vbs\"/:b \ || /.*name=.*\.wsc\"/:b \ || /.*name=.*\.wsf\"/:b \ || /.*name=.*\.wsh\"/:b ) { to "[EMAIL PROTECTED]" } } Thanks -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ian Ward Sent: Sunday, February 03, 2002 9:17 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [courier-users] Attachment filtering > > Is it possible to have courier remove attachments such as exe, com, > bat, url, etc on incoming mail, as well as, indicate in the message > that the attachment was removed? < SAM - do not read this you will hate it > I use the following in my .mailfilter file: # Quarantine if( ! /From:.*mydomain.com.au/) if(/.*name=.*\.exe\"/:b \ || /.*name=.*\.vbs\"/:b \ || /.*name=.*\.bat\"/:b \ || /.*name=.*\.com\"/:b \ || /.*name=.*\.scr\"/:b \ || /.*name=.*\.pif\"/:b ) { to "Maildir/.Quarantine" } It scans the body of the message for matching lines. It's crude but traps suspect messages sent to me. I also use the following in the global /etc/courier/maildroprc, this will redirect all suspect mail in my domain to me (and then subsequently into quarantine) if(/Delivered-To:.*ian\@mydomain.com.au/) { } else if(/.*name=.*\.exe\"/:b \ || /.*name=.*\.vbs\"/:b \ || /.*name=.*\.bat\"/:b \ || /.*name=.*\.com\"/:b \ || /.*name=.*\.scr\"/:b \ || /.*name=.*\.pif\"/:b ) { to "[EMAIL PROTECTED]" } </SAM> I do not recommend you do this on a busy server, it can load the server. Ian _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
