OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Andrew Blogg (apbloggbigpond.net.au)
Date: Mon Oct 08 2001 - 23:29:12 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I have done this in a round about way..

    Say for a user, in their .qmail file, you have the following

    -
    #cat .qmail-user
    ./Maildir/
    -

    What you can do, is insert at the top of the .qmail files, something like
    this.

    -
    #cat .qmail-user
    fileextcheck
    ./Maildir/
    -

    Where fileextcheck is the following.

    -
    #cat /var/qmail/bin/fileextcheck
    #!/usr/local/bin/perl
    $count = 0;
    sub errormsg
         {
            print '

            It appears you have attempted to send either a VBS Script, an
    Executable File, or a Screen Saver file,
            which are all likely to be infected by virii.

            Because of this, your message will not be delivered to the
    recipient - $RECIPIENT, or as shown below.

            Please clean your computer of any virus\'s and/or refrain from
    sending messages, which contain such attachments.

            For Anti Virus software, please check sites such as www.mcafee.com,
    www.norton.com, etc.

            If you *must* send a file as described above, and beleive it to be
    virus free, we suggest compressing the file
            with a utility such as Winzip. ( www.winzip.com ).

            --- message delivery failed.

            ';
            exit(100);
         };

    sub cleanmsg
        {
            exit(0);
        };

    sub extcheck
        {
            /.*.[Vv][Bb][Ss]/ && errormsg;
            /.*.[Cc][Oo][Mm]/ && errormsg;
            /.*.[Ee][Xx][Ee]/ && errormsg;
            /.*.[Cc][Hh][Mm]/ && errormsg;
            /.*.[Ss][Cc][Rr]/ && errormsg;
            /.*.[Hh][Tt][Aa]/ && errormsg;
            /.*.[Vv][Bb][Ee]/ && errormsg;
            /.*.[Ss][Hh][Ss]/ && errormsg;
            /.*.[Bb][Aa][Tt]/ && errormsg;
         };

    while (<STDIN>)
            {
            /.*filename=.*/ && extcheck; # If 'filename' matches, then
    search it for matching file extensions..
            /^$^$/ && cleanmsg;
            };
    -

    You can do the same principle with domains that are being forwarded to other
    mail servers with .qmail-default files for the domain etc as well.

    Hope this will help.

    -
    Andrew

    -----Original Message-----
    From: Paul Lussier [mailto:pllmclinux.com]
    Sent: Saturday, 6 October 2001 5:34 AM
    To: sopapaciudad.com.ar
    Cc: focus-linuxsecurityfocus.com
    Subject: Re: qmail file filter

    In a message dated: Wed, 03 Oct 2001 17:11:03 -0300
    Alejandro Perretta said:

    >Anyone knows a way to filter files by extension? ex. *.vbs *.exe.
    >I use qmail with Maildir.....

    If qmail can work with procmail then use that. Otherwise you can
    roll your own by writing a perl filter using the Mail::Audit module. 

    --

    Seeya,
Paul
----

    			  God Bless America!

    	...we don't need to be perfect to be the best around,
		and we never stop trying to be better.
		       Tom Clancy, The Bear and The Dragon