OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: duncan hall (duncanviator.com)
Date: Mon Jan 14 2002 - 19:15:46 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    If all you want to do is block attachments a simple procmailrc recipe
    like this will block emails
    with offending attachments and send the sender a message telling them
    the email was blocked.

    [duncanhallmail duncanhall]$ cat /etc/procmailrc

    SYSADMIN=postmasterdomain.com
    RETURNPATH=`grep -e "return-path" -i | sed "s/^.*<//;s/>//"`
    MAILSUBJECT=`grep -e "^subject" -i | sed 's/[Ss]ubject. //g'`
    FINALRECIP=`grep -e "delivered-to" -i | sed "s/^.* //;s/ //"`
    SAVEDEMAIL = "from-$RETURNPATH-To-$FINALRECIP"

     :0 BH

     # This rule blocks unwanted file attachments
     *filename=".*\.(ocx|vbs|shs|pif|vbe|hta|scr|scp|mp3|bat|exe|doc)"

    {
     :0 c
     | ( \
        echo "To: $SYSADMIN";\
        echo "To: $FINALRECIP";\
        echo "To: $RETURNPATH";\
        echo "From: $SYSADMIN";\
        echo "Subject: Blocked e-mail attachment from $RETURNPATH to
    $FINALRECIP";\
        echo "X-Loop: E-Mail Anti-virus agent"; \
        echo ;\
        echo 'The mail system successfully caught and quarantined an e-mail
    with an ' ;\
        echo 'attachment that is blocked for security reasons .' ;\
        echo ;\
        echo sent to $FINALRECIP from $RETURNPATH;\
        echo The subject was: $MAILSUBJECT;\
        echo ;\
        echo ;\
        echo ;\
       ) | $SENDMAIL -U $SYSADMIN $FINALRECIP $RETURNPATH

    :0 # save the email in case somebody chucks a wobbly and you need to
    retrieve it.
     /tmp/$SAVEDEMAIL

    }

    Frederic Lepied wrote:
    >
    > Denis HAVLIK <denismandrakesoft.com> writes:
    >
    > > Folks,
    > >
    > > Why don't we make a really simple anti-virus program, which simply rejects
    > > all .doc, .exe, etc attachements? I for one would love to have such a
    > > possibility in postfix configuration. Something like:
    > >
    >
    > Something like that:
    >
    > http://www.roaringpenguin.com/mimedefang/
    > --
    > Fred - May the source be with you
    >
    > For help, email discuss-helpmandrakesecure.net; to unsubscribe send a
    > message to discuss-unsubscribemandrakesecure.net. To visit MandrakeSecure,
    > go to http://www.mandrakesecure.net/.

    For help, email discuss-helpmandrakesecure.net; to unsubscribe send a
    message to discuss-unsubscribemandrakesecure.net. To visit MandrakeSecure,
    go to http://www.mandrakesecure.net/.