On Wed, 2004-01-28 at 09:56, [EMAIL PROTECTED] wrote: > <snip> > > Hi, > > This was exactly the scenario. This new worm can be embedded in a zip > > file. Simple Postfix attachment filters don't reject it. > </snip> > > I disagree, postfix can stop those attachments, if you got a > /etc/postfix/mime_header_checks.regexp > > and it contains this rule > /filename=\"?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)\"?$/ > REJECT For security reasons we reject attachments of this type > /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(lnk|asd|hlp|ocx|zip|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wav|mov|wmf|xl))"?\s*$/ > REJECT Attachment type not allowed. File "$2" has the unacceptable extension "$3" > > they won't come true. > and change REJECT in to DROP > > Patrick
Patrick, That's not the point, or at least my point. I don't want to reject ALL zip files. I only want to reject zip files that have a virus embedded in them. Please remember the problem I'm trying to address. Someone sends me a virus infected file inside a zip, which is what has been happening for the last few days. Zip files have value. I should accept zip, and even zip with an exe in it, as long as they are not infected. That requires virus protection TTBOMK. Thanks, Mark -- [EMAIL PROTECTED] mailing list
