[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] ID wwywxugwisi... thanks



On Tuesday 17 February 2004 23:13, Sjag Steensma wrote:

> > fact, I'm rejecting these kinds of attachments on incoming e-mail for a
> > while (so I missed the e-mail starting this thread).
> Good, how did you do that?

Postfix header checks is my friend:

	header_checks = pcre:/etc/postfix/header_checks
	mime_header_checks = $header_checks

The file /etc/postfix/header_checks contains (amongst other filtering rules) 
the following group of lines (white space IS important here):

/^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\.(
        386|ba[st]|bin|c[ho]m|cmd|cpl|dll|drv|exe|hlp|hta|
        in[fis]|isp|js|jse|lnk|ms[cipt]|ocx|pif|reg|sc[rt]|
        sh[bs]|sys|url|vb|vb[es]|vxd|ws[cfh]))"?\s*$/
        REJECT Attachment file type not allowed ("$2" has the extension ".$3")

This will block (almost) all e-mail with (Windows) executable attachments.

Best regards,
Arjen

PS  I read this mailinglist too, so there is absolutely no reason to CC me as 
well. In fact, I usually ignore traffic to this address NOT from the 
mailinglist server.

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here