On 10/06/2003 at 10:29:54, Austin Mann wrote:
> This thread is getting way more action than my request
> so I figured I'd give it another try
> Does ANYONE have a body.checks.regexp file that tosses *.exe's, bat's,
> pif's, etc
> that they'd be willing to share???
I use these three (POSIX syntax, and unwrap if necessary):
/^
(file)?name=("?).*\.(bat|cmd|com|cpl|dll|exe|hta|js|jse|lnk|msi|pif|reg|scr|shb|shm|shs|vbe|vbs|vxd|wsh)("?)$/
REJECT [B03] Executable attachments not permitted; please rename the file extension
and re-send
/^([[:space:]]*)begin([[:space:]]+)([[:digit:]]{0,4})([[:space:]]+).*\.(bat|cmd|com|cpl|dll|exe|hta|js|jse|lnk|msi|pif|reg|scr|shb|shm|shs|vbe|vbs|vxd|wsh)("?)([[:space:]]*)$/
REJECT [B04] Executable attachments not permitted; please rename the file extension
and re-send
/^content.*name=("?).*\.(bat|cmd|com|cpl|dll|exe|hta|js|jse|lnk|msi|pif|reg|scr|shb|shm|shs|vbe|vbs|vxd|wsh)("?)/
REJECT [B05] Executable attachments not permitted; please rename the file extension
and re-send
If you want the PCRE versions, replacing
[:space:] with \s
[:digit:] with \d
should do it.
Those don't check for double extensions; we just block all executable
attachments. Top and bottom check for MIME attachments and the middle
one picks up uuencode attachments. No false positives here yet, but
the most recent change to those was less than a month ago.
Cheers,
Evan
