Re: [Exim-users] mime_decoded_filename

Wed, 21 Dec 2016 06:12:43 -0800 

Hi!

> 21 дек. 2016 г., в 16:04, Mikhail Golub <[email protected]> написал(а):
> 
> И снова здравствуйте.
> 
> Было правило и вроде работало (когда добавлял).
> 
> deny message = This message contains dangerous file(s) in 
> ${uc:${extract{-1}{.}{$mime_filename}}} attachment.
>     condition = ${if <{$message_size}{2500K}{1}{0}}
>     condition = ${if 
> match{$mime_filename}{\N(?i)\.(7z|arj|bz2|gz|rar|uue|z|zip|xz)$\N}}
>     decode = default
>     condition = ${if match{${run{/usr/local/bin/7z l 
> $mime_decoded_filename}}} 
> {\N(?i)\.(com|pif|scr|lnk|exe|js|zip|jar|bat|cmd)\n\N} }
>     log_message = REJECTED: dangerous file in 
> ${uc:${extract{-1}{.}{$mime_filename}}} attachment
> 
> Но сегодня пришел "злобный" вирус в письме с вложением "Новый.scr.uue"
> 
> ------=_NextPart_000_0A96_01D25B89.ECC77EF0
> Content-Type: application/octet-stream;
>       name="=?windows-1251?B?ze7i++kuc2NyLnV1ZQ==?="
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
>       filename="=?windows-1251?B?ze7i++kuc2NyLnV1ZQ==?="
> 
> И правило не сработало :(

А если
${if match {${rfc2047d:$mime_filename}}
?

> Если выполнить скан по $mime_decoded_filename
> # 7z l /var/spool/exim/scan/1cJhIo-000D1o-SQ/1cJhIo-000D1o-SQ-00002
> получу
> Path = /var/spool/exim/scan/1cJhIo-000D1o-SQ/1cJhIo-000D1o-SQ-00002
> Type = bzip2
> 
>   Date      Time    Attr         Size   Compressed  Name
> ------------------- ----- ------------ ------------ ------------------------
>                    ..... 1cJhIo-000D1o-SQ-00002~
> ------------------- ----- ------------ ------------ ------------------------
>                                             215412  1 files
> 
> 
> 
> А если
> # 7z l /home/user/Новый.scr.uue
> то
> Path = /home/user/Новый.scr.uue
> Type = bzip2
>   Date      Time    Attr         Size   Compressed  Name
> ------------------- ----- ------------ ------------ ------------------------
>                    .....                            Новый.scr
> ------------------- ----- ------------ ------------ ------------------------
>                                             215412  1 files
> 
> В Exim что-то не донастроено?
> 
> 
> 
> -- 
> Mikhail Golub
> 
> _______________________________________________
> Exim-users mailing list
> [email protected]
> http://mailground.net/mailman/listinfo/exim-users
> 

-- 
Victor Cheburkin
VC319-RIPE, VC1-UANIC


_______________________________________________
Exim-users mailing list
[email protected]
http://mailground.net/mailman/listinfo/exim-users

Ответить