OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: body checks against harmful code...
From: stephane parenton (stephane.parentonprisme.fr)
Date: Sat Dec 07 2002 - 10:21:22 CST

Franck Martin wrote:

> use the line in my previous e-mail on the pg mailing list... It works...
> I think your line expect name only and sometime it is filename.
> Send to me your small bat file, and I will tell you if it was blocked... I get an
> e-mail if it is blocked too.
> Cheers
> Francksopac.org

hi again franck... well, I don't know if you had my mail today, and since the one I
posted to the ML didn't show up, I guess that nothing was posted. I tried your
"stoplist" in my main.cf, sent a mail to myself, and it didn't stop my attachment to
be delivered. So I sent you a mail with the autoexec, and this one came back (as
expected) with the message content not accepted. so the question is what am I doing
wrong ?...

the only line in both body_checks and header_checks is
/^(.*)name\=\"(.*)\.(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|chm)\"$/ REJECT

I maybe missed a basic configuration thing... do I only have to say
body_checks=/etc/postfix/body_checks and header_checks= /etc/postfix/header_checks in
the main.cf ? is it enough ?

regards
stephane parenton