Hi qmailers,
Attached is the modified version of my checkattach script.
This time it will check filenames like THIS.IS.A.VBS.VIRUS.txt.vbs
If you have comments please let me know.
cheers
Noel Mistula
-----Original Message-----
From: Erwin Hoffmann <[EMAIL PROTECTED]>
To: System Administrator <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, 8 June 2000 5:32
Subject: Re: Script Required
>Hi
>
>I picked up the small skript "checkattach" from Noel G. Mistula and
>modified to do "Subject:" type filtering.
>
>Do the following:
>
>1. Install the script in /usr/local/bin.
>2. chmod +x checksubj
>3. Add this skript into your user's .qmail files and - if applicable - into
>/var/qmail/alias/.qmail-default (first line:)
>
>|/usr/local/bin/checksubj
>~/Maildir/
>
>etc.
>
>4. Modify the subject text fields in "checksubj" to your needs, eg. add
>"|*insurance*". The script evaluates the string case sensitive! It allows
>wildcards, but be carefull!
>
>5. The sender becomes the E-Mail bounced.
>6. You can watch the results (and test the script) viewing your Maillog.
>
>cheers.
>eh.
>
#!/bin/bash
#
# qmail -- checkattach
# Author: Noel G. Mistula <[EMAIL PROTECTED]>
# Date: 28 June 1999 Version: 0.1
# I appreciate any comment to this quick and dirty way of filtering attachment.
#
# Modified: 7 July 1999 Version: 0.3
# Modified: 7 May 2000 Version: 0.4
# This is release under the GNU/GPL.
# This is a very crude program. Use at your own risk.
# This will bounce incoming email with executable,
# video and other attachments. Just remove/add
# whichever filetype (e.g. EXE, AVI, COM) is required.
#
# I use this in a user's .qmail file
# by adding the line
# |/usr/local/bin/checkattach
# before the ./Maildir/
#
# Make sure to chmod 555 /usr/local/bin/checkattach
# so that qmail users can execute it.
# Start program here.
### This part is the new version (ver. 0.3)
printmsg () {
echo "The reason your email was rejected is you sent an attachment that can
cause problems."
echo "Sorry, the attachment you sent is in violation of our company's policy
because it can cause problems like virus, or increase traffic load, or delete file(s)
and/or among others."
echo "Please disable HTML formatting when sending email because Visual Basic
Script Worms/Virus normally exploits this."
echo "--- Attachment filetype you sent is $ATTYPE"
}
#
# Check for NOT allowed attachment.
# Here you can include more filetype you want.
#
checktype () {
case $ATTYPE in
VBS | VBE | JSE | CSS | WSH | SCT | HTA | VXD | EXE | HTM | DOT | HLP
| PAK | DAT | PCX | PPS | COM | BAT | CMD | AVI | MOV | RAM | OCX | CAB | SHS | CLA |
RA | BMP | MPE | MPG | MP3 | MP4 | WAV | AUD | AU | DLL)
printmsg $ATTYPE
exit 100;;
*)
;;
esac
}
#ATTACHTYPE=`grep "filename=" - | gawk '{split($NF, results, ".");
r=toupper(results[2]); print r}' | cut -c -3`
####Below doesn't work if more than 2 fields in name=
#ATTACHTYPE=`grep "name=" - | gawk '{split($NF, results, "."); r=toupper(results[3]);
print r}' | cut -c -3`
#### End of ver. 0.3
####Below works OK
## This part is recently modified (7may2000) because I noticed that the gawk part in
the
## ATTACHTYPE above, doesn't properly check when you have a filename like
## THIS.IS.A.VBS.VIRUS.txt.vbs
## The ATTACHTYPE below resolves this problem ;).
ATTACHTYPE=`grep "name=" - | gawk 'BEGIN {FS="."}; {print toupper($NF)}' | cut -c -3`
for ATTYPE in $ATTACHTYPE
do
checktype $ATTYPE
done
#### End of ver. 0.4
exit 0
�
