Today (06/05/01), Robert Dalton wrote:

>I hope the following examples illustrate how to filter viruses using
>postfix, with posix regular expressions (not PCRE). If anyone finds
>problems with these expressions please report them to me.
>
>These filter file extensions such as .vbs .js .pif .scr etc.
>(note that they will catch all file extensions listed below even
>double extension files such as: bla-bla.txt.pif)
>
>/(filename|name)=".*\.(asd|chm|dll|hlp|hta|js|ocx|pif)"/ REJECT
>/(filename|name)=".*\.(scr|shb|shs|vb|vbe|vbs|wsf|wsh)"/ REJECT

There was a pretty comprehensive, instructive thread on this a few weeks
ago. Some observations regarding the above patterns:

  Since they are not anchored to the start of a line, they can produce
  false positives, e.g. if a reply employs > prefixing (which disables
  the MIME encoding).

  Since the regular expressions are case sensitive, they will produce
  false negatives against upper-cased file extensions.

  These patterns do not account for uuencoding.

  See the list archives for additional candidates for extensions to
  block.

Here is the pattern I use to anchor my regexp's at the left end of a
line:

 ^((Content-(Disposition|Type):.*|( +| )(file)?)name=|begin [0-9][0-9][0-9] ).*
                              SPACE^ ^TAB
and at the right end:

 "?(( +| )|$)
SPACE^ ^TAB

Be sure to check after your edit in case the editor tries to silently
change the whitespace.

In between the left and right ends would go one's list of extensions,
something like

   \.(ext1|ext2|ext3)

Regards,

-- 
      Rick Troxel      rickhelix.nih.gov     301/435-2983
/////////////////////////////////////////////////////////////////
All effort and exertion put forth by man from the fullness of his
heart is worship, if it  is prompted  by the  highest motives and
the will to do service to humanity.                 --Abdu'l-Baha
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]