yawn, we are all already blocking all "dangerous" attachments, aren't we?Attachment: masteraz.exe
I suppose somebody can translate these IMGate/postifx filters into Imail and declude rules:
mime_header_checks
# block windows executables
/^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(
ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|eml|exe|hlp|hta|
inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|
ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|url|
vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh))"?\s*$/x
REJECT Attachment name "$2" may not end with ".$3"
# block iframe hack
/<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>/
REJECT iframe exploit detected
# UUencoded files
/^begin(-base64)? [0-9]{1,4} (.*\.(
ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|
eml|exe|hlp|hta|inf|ins|isp|js|jse|lnk|
mdb|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|
pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|
url|vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh))$/x
REJECT Encoded file name "$1" may not end with ".$2"
And you still need an SMTP AV scanner.
Len
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
