Re: [exim] How to block the mails which contain .exe inside a zip file

Tue, 14 Jan 2014 01:18:35 -0800 

Thanks Duane,
I have installed Clamav in my server still i am not able to stop the mails containing .exe file inside the zip file using Clamav. Basically i have tested it with a setup .exe file which is not a virus. and exim is even not stopping it... 


I have got one more method to do the same from a post, and it is working 
for me.


Put these lines in exim.conf

*deny    log_message = DENY: ZIP with Binary Attachment found**
**        message = DENY: We don't allow Binary files in Zip files \n \**
**          If you have questions please contact at 09282192727**
**        demime = zip**
**        condition = ${run\**
**                  {/etc/exim/check_zip $message_id}\**
**                  {0}{1}}*

create a script at /etc/exim/check_zip

*#!/usr/bin/ksh**
**###############################################################**
**# Locates an zip file and looks for extensions that end in**
**# .exe .pif .com .cmd and .bat**
**###############################################################**
**# Location of files**
**###############################################################**
**SCANDIR='/var/spool/exim/scan/'**
**UNZIP='/usr/bin/unzip'**
**###############################################################**
**cd ${SCANDIR}/$1**
**for i in `ls | egrep -i *.zip`**
**do**
**if [ `$UNZIP -l $i | egrep -i '(.exe$|.com$|.cmd$|.pif$|.bat$)' | wc -l`**
**-gt 0 ];**
**then**
**exit 1**
**fi**
**done**
**exit 0*

But I will really Appreciate if some one can do that with Clamav.

Heartly thanks to Duane for help..  :)


Regards,
Anant

On Monday 13 January 2014 11:08 PM, Duane Hill wrote:

Monday, January 13, 2014, 4:52:01 PM, you wrote:


Hello Guys,
I am new to exim. I want to block all the mails containing
.exe(attachment) So for that i used that in my exim file
acl_check_mime:
    # File extension filtering.
    deny message = Blacklisted file extension detected
         condition = ${if match \
                          {${lc:$mime_filename}} \

                         
{\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} \

                       {1}{0}}
But now my problem is that many of user is sending .exe inside the .zip
file, Please Guide me how can i block that mails. Any help is appriciated.

If  1)  you scan and reject with ClamAV, and 2) strictly use ClamAV on
the  email  server  for  scanning  email  messages,  you  can set up a
ClamAV  signature  to  detect executables from within archives. ClamAV
also has a config option to block password/encrypted archives.



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/






















					Reply via email to