Hi Lena,

Thanks, I actually managed to get this working...

In your initial mail you gave:

{UNRAR l}

I changed that to {unrar lb}

With only the l argument, it seems that the unrar command produces a bit of preamble before listing the files in the archives. Using lb, it just lists the files, and that seems to have fixed it.

Thanks for the new code below, I'll look into checking with 7zip.

Regards,

John


On 02/04/2016 18:14, [email protected] wrote:
From: John McMurray
This works well for zip files but it seems to be ignoring rar files.
I've checked and double-checked that both unzip and unrar are at the
locations that exim expects them to be at and that both unzip and unrar
do actually work.
UNZIP = /usr/bin/unzip
UNRAR = /usr/local/bin/unrar
deny set acl_m_att = ${if match{$mime_filename}{\N(?i)\.(zip|rar)$\N}{$1}}
   condition = ${if def:acl_m_att}
   message = A .$acl_m_att attachment contains a Windows-executable file
   decode = default
   log_message = forbidden binary in attachment: filename=$mime_filename, \
                 recipients=$recipients
   condition = ${if match{${run{${if eqi{$acl_m_att}{zip}\
                            {UNZIP -l}{UNRAR l}} $mime_decoded_filename}}}\
                         {\N(?i)\n .+\.(zip|rar|exe|com|vbs|bat|pif|scr|vb\
      |js|cmd|chm|cpl|jsp|reg|vbe|lnk|dll|sys|btm|dat|msi|prf|hta)\n\N}}
I don't know what went wrong. Can you save a .rar attachment and run this?

/usr/local/bin/unrar l FILENAME.rar | hd | less

Is the filename shown?  Does the string with the filename begin with a blank (20)?

unrar under FreeBSD cannot show the filename of the file inside the archive
if the filename contains Russian characters (in cp866 charset).
Another archiver, 7-Zip (7z), can list the contents of various archives
(zip, rar and others). Virus authors reckon that the targets/victims
have 7-Zip installed in Windows.
Under FreeBSD 7z shows question marks instead of Russian characters.
The idea to use 7z for virus filtering in Exim was proposed (by Yura Scheglyuk)
and discussed on the Russian Exim-users list (mailground.net).

P7ZIP = /usr/local/bin/7z
# port archivers/p7zip in case of FreeBSD
WINBIN = exe|com|js|pif|scr|bat|jse|cpl|vbe|vbs
# more cautious: exe|com|js|pif|scr|bat|flv|reg|btm|chm|cmd|cpl|dat|dll|hta|jse|jsp|lnk|msi|prf|sys|vb|vbe|vbs
COMPREXT = zip|rar|7z|arj|bz2|gz|uue|xz|z
BINFORBIDDEN = Windows-executable attachments forbidden
begin acl
acl_check_mime:
   deny message = BINFORBIDDEN
        log_message = forbidden attachment: filename=$mime_filename, \
                      content-type=$mime_content_type, recipients=$recipients
        condition = ${if or{\
                            {match{$mime_content_type}{(?i)executable}}\
                            {match{$mime_filename}{\N(?i)\.(WINBIN)$\N}}\
                           }}

   deny message = Compressed BINFORBIDDEN
        condition = ${if or{\
                            {match{$mime_content_type}{(?i)application/\
                                      (octet-stream|x(-zip)?-compressed|zip)}}\
                            {match{$mime_filename}{\N(?i)\.(COMPREXT)$\N}}\
                           }}
        condition = ${if <{$message_size}{1500K}}
        decode = default
        log_message = forbidden binary in attachment: filename=$mime_filename, \
                      recipients=$recipients
        condition = ${if match{${run{P7ZIP l $mime_decoded_filename}}}\
                              {\N(?i)\n[12].+\.(COMPREXT|WINBIN)\n\N}}

   accept



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
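
An offline check of the final match condition in the 7z ACL quoted above, added here as an example and not part of the original thread: it expands the WINBIN and COMPREXT macros textually and applies the resulting regex to an archive listing. The sample listing is constructed, modeled on the column layout of `7z l` output (an assumption), and the function names are hypothetical.

```python
import re

# Macros copied from the Exim configuration quoted in the thread.
MACROS = {
    "WINBIN": "exe|com|js|pif|scr|bat|jse|cpl|vbe|vbs",
    "COMPREXT": "zip|rar|7z|arj|bz2|gz|uue|xz|z",
}
# Regex argument of the last match{} condition, without the \N ... \N quoting.
ACL_REGEX = r"(?i)\n[12].+\.(COMPREXT|WINBIN)\n"

# Constructed sample, modeled on the column layout of `7z l` (assumption).
SAMPLE_7Z_LISTING = (
    "\n"
    "   Date      Time    Attr         Size   Compressed  Name\n"
    "------------------- ----- ------------ ------------  ----------------\n"
    "2016-04-01 10:00:00 ....A        20480        10312  readme.txt\n"
    "2016-04-01 10:00:00 ....A        73216        41100  invoice.pdf.EXE\n"
    "2016-04-01 10:00:00 ....A         1024          512  inner.zip\n"
    "------------------- ----- ------------ ------------  ----------------\n"
    "                                   94720        51924  3 files\n"
)


def expand_macros(text, macros=MACROS):
    """Textual macro replacement, as Exim applies it to configuration lines."""
    for name, value in macros.items():
        text = text.replace(name, value)
    return text


def forbidden_entries(listing, regex=ACL_REGEX):
    """Return the listing lines that would make the ACL condition true."""
    pattern = re.compile(expand_macros(regex))
    hits, pos = [], 0
    while (m := pattern.search(listing, pos)):
        hits.append(m.group(0).strip("\n"))
        # The trailing \n of one entry is also the leading \n of the next.
        pos = m.end() - 1
    return hits


if __name__ == "__main__":
    for line in forbidden_entries(SAMPLE_7Z_LISTING):
        print("would deny:", line)
```

The pattern needs a newline on both sides of an entry and a leading `1` or `2` (the year column), so it depends on the archiver's listing layout, which is why the `hd` dump of the real output is worth checking before relying on the rule.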
