I realize this will probably not be a popular thing to do but it works. We added zip
extensions to the bad ext list and added this code to the filter() section to allow
all zip extensions through except MyDoom/Novarg files.
if (filter_bad_filename($entity)) {
if ($fname =~ /.zip/i) {
if ($fname =~ /document|readme|doc|text|file|data|test|message|body/i) {
md_log('bad_filename', $fname, $type);
return action_quarantine($entity, "An attachment named $fname was removed
from this document.\n");
}
return action_accept();
}
md_log('bad_filename', $fname, $type);
return action_quarantine($entity, "An attachment named $fname was removed from
this document.\n");
}
I realize it will allow files with .zip.scr through and I only added this as a
temporary measure. I don't have a virus scanner on this box and wanted do what I
could to slow down this virus.
Feedback welcome on my 5min code.
Thanks,
Steve
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
