221 lines
3.7 KiB
HTML
221 lines
3.7 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
|
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Adding MIME and Filetype Checks</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
|
REL="HOME"
|
|
TITLE="Spam Filtering for Mail Exchangers"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Exim Implementation"
|
|
HREF="exim.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Adding SPF Checks"
|
|
HREF="exim-spf.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Adding Anti-Virus Software"
|
|
HREF="exim-av.html"></HEAD
|
|
><BODY
|
|
CLASS="section"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Spam Filtering for Mail Exchangers: </TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="exim-spf.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Appendix A. Exim Implementation</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="exim-av.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="exim-mime"
|
|
></A
|
|
>A.8. Adding MIME and Filetype Checks</H1
|
|
><P
|
|
> These checks depend on features found in Tom Kistner's
|
|
<TT
|
|
CLASS="option"
|
|
>Exiscan-ACL</TT
|
|
> patch - see <A
|
|
HREF="exim-prereq.html"
|
|
>Prerequisites</A
|
|
> for details.
|
|
</P
|
|
><P
|
|
> Exiscan-ACL includes support for MIME decoding, and file name
|
|
suffix checks (or to use a misnomer from the Windows world,
|
|
<SPAN
|
|
CLASS="QUOTE"
|
|
>"file extension"</SPAN
|
|
> checks). This check alone will
|
|
block most Windows virii - but not those that are transmitted in
|
|
<TT
|
|
CLASS="option"
|
|
>.ZIP</TT
|
|
> archives or those that exploit
|
|
Outlook/MSIE HTML rendering vulnerabilities - see the discussion
|
|
on <A
|
|
HREF="datachecks.html#virusscanners"
|
|
>Virus Scanners</A
|
|
>.
|
|
</P
|
|
><P
|
|
> These checks should go into <A
|
|
HREF="exim-firstpass.html#acl_data_1"
|
|
>acl_data</A
|
|
>,
|
|
before the final <TT
|
|
CLASS="option"
|
|
>accept</TT
|
|
> statement:
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> # Reject messages that have serious MIME errors.
|
|
#
|
|
deny
|
|
message = Serious MIME defect detected ($demime_reason)
|
|
demime = *
|
|
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
|
|
|
|
|
|
# Unpack MIME containers and reject file extensions used by worms.
|
|
# This calls the demime condition again, but it will return cached results.
|
|
# Note that the extension list may be incomplete.
|
|
#
|
|
deny
|
|
message = We do not accept ".$found_extension" attachments here.
|
|
demime = bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs:url
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
</P
|
|
><P
|
|
> You will note that the <TT
|
|
CLASS="option"
|
|
>demime</TT
|
|
> condition is
|
|
invoked twice in the example above. However, the results are
|
|
cached, so the message is not actually processed twice.
|
|
</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="exim-spf.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="exim-av.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Adding SPF Checks</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="exim.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Adding Anti-Virus Software</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |