Mark Knecht wrote:

On Wed, 2004-01-28 at 09:56, [EMAIL PROTECTED] wrote:

<snip>

Hi,
This was exactly the scenario. This new worm can be embedded in a zip
file. Simple Postfix attachment filters don't reject it.

</snip>


I disagree, Postfix can stop those attachments, if you have a
/etc/postfix/mime_header_checks.regexp

and it contains this rule

/filename=\"?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)\"?$/
    REJECT For security reasons we reject attachments of this type
/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(lnk|asd|hlp|ocx|zip|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wav|mov|wmf|xl))"?\s*$/
    REJECT Attachment type not allowed. File "$2" has the unacceptable extension "$3"

they won't come true.
And change REJECT into DROP.


Patrick


Patrick,
   That's not the point, or at least my point. I don't want to reject
ALL zip files. I only want to reject zip files that have a virus
embedded in them. Please remember the problem I'm trying to address.
Someone sends me a virus infected file inside a zip, which is what has
been happening for the last few days. Zip files have value. I should
accept zip, and even zip with an exe in it, as long as they are not
infected. That requires virus protection TTBOMK.

Have you tried amavis? It hooks into the postfix delivery chain, and will recursively extract all files from archives and check them for viruses using the antivirus of your choice. So you can be sent a virused exe inside a zip inside an lha inside an arc and it will still catch it.



--
Manuel A. McLure KE6TAW <[EMAIL PROTECTED]> <http://www.mclure.org>
...for in Ulthar, according to an ancient and significant law,
no man may kill a cat. -- H.P. Lovecraft
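
The distinction the thread turns on, a header check that sees only the attachment's own filename versus a scanner that opens the archive, shown as an added Python example that is not part of any message above. The header pattern is the first rule quoted in the thread; the `RISKY` extension list, the nesting limit, the function names and the sample message are assumptions constructed for illustration, and the code only lists member names, where amavis would hand the extracted files to an antivirus engine.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# First mime_header_checks pattern quoted in the thread ("zip" is not in its list).
HEADER_RULE = re.compile(
    r'filename="?(.*)\.(bat|chm|cmd|com|do|exe|hta|jse|rm|scr|pif|vbe|vbs|vxd|xl)"?$', re.I)
RISKY = re.compile(r"\.(bat|cmd|com|exe|hta|pif|scr|vbe|vbs)$", re.I)  # assumed list

def walk_zip(data, prefix="", depth_left=5):  # depth_left: assumed nesting limit
    """Yield every member path, descending into nested zip files."""
    if depth_left < 0:
        raise ValueError("archive nested too deeply")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            yield path
            if info.filename.lower().endswith(".zip"):
                yield from walk_zip(zf.read(info), path + "!", depth_left - 1)

def scan(raw):
    """Return (attachment names the header rule matches, risky names inside zips)."""
    header_hits, member_hits = [], []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or ""
        if HEADER_RULE.search('Content-Disposition: attachment; filename="%s"' % name):
            header_hits.append(name)
        body = part.get_payload(decode=True)
        if zipfile.is_zipfile(io.BytesIO(body)):
            member_hits += [p for p in walk_zip(body) if RISKY.search(p)]
    return header_hits, member_hits

def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def sample_message():
    """Constructed sample: notes.zip > inner.zip > setup.exe (placeholder bytes)."""
    inner = make_zip({"setup.exe": b"placeholder, not a program"})
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(make_zip({"readme.txt": b"hi", "inner.zip": inner}),
                       maintype="application", subtype="zip", filename="notes.zip")
    return msg.as_bytes()
```

`scan(sample_message())` reports no header-rule match for `notes.zip` while the archive walk reports `inner.zip!setup.exe`; a message carrying `setup.exe` directly is caught by the header rule alone.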
