Mailinglist Archive: opensuse-security (605 mails)

< Previous Next >
AW: [suse-security] postfix regexp in body_checks
  • From: "Philipp Snizek" <mailinglists@xxxxxxxxx>
  • Date: Fri, 5 Oct 2001 12:48:02 +0200
  • Message-id: <000801c14d8b$357334a0$b600000a@xxxxxxxxxxxxxx>


> > Hi,
> >
> > I hope I hit the right list with my request. I'm trying to
> set up a filter for postfix to filter
> > malicious stuff like all windows executables. For MIME
> encoded headers I had no problem, this works
> > fine. But if the header is uuencode, the attachment is only
> visible in the e-mail's body. I tried a
> > regexp like /.*\.(bat|exe|cmd|vbs|vba)/ REJECT in
> /etc/postfix/body_checks which should filter all
> > *.bat|and so on. But nothing at all happens. Mails go thru
> as if there wasn't an obstacle.
>
> i think you should look into the postfix-users archive, its
> discussed many times
> (you know that list ;)

Oh yes I am. As you are too.

> try that one:
> /^(.*)name\=\"(.*)\.(com|pif|vbs|vbe|exe|bat|cmd)\"$/ REJECT

copy-pased, reloaded postfix, sent mail, mail arrived in good shape = test failed. Tested on a
different postfix system, failed as well. Think we're searching in the wrong corner. This is the
mailheader of my testmail (UUENCODE):

>From testuser@xxxxxxxxx Fri Oct 5 12:37:56 2001
X-UIDL: XLN"!D7/"!_e\!!P]I!!
Return-Path: <testuser@xxxxxxxxx>
Delivered-To: testuser@xxxxxxxxxxxxxx
Received: from client01 (unknown [10.0.0.182])
by mx.belfin.reinach (Postfix) with SMTP id B8F5B9FE32
for <testuser@xxxxxxxxxxxxxx>; Fri, 5 Oct 2001 12:37:55 +0200 (CEST)
From: "testuser" <testuser@xxxxxxxxx>
To: <testuser@xxxxxxxxxxxxxx>
Subject: WG: test
Date: Fri, 5 Oct 2001 12:14:06 +0200
Message-ID: <000001c14d86$779d52c0$b600000a@xxxxxxxxxxxxxx>
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Status: U



> -----Ursprungliche Nachricht-----
> Von: testuser [mailto:testuser@xxxxxxxxx]
> Gesendet: Freitag, 5. Oktober 2001 12:12
> An: testuser@xxxxxxxxxxxxxx
> Betreff: test
>
>
>

begin 666 AUTOEXEC.BAT
`
end


thank you
Philipp



< Previous Next >
Follow Ups
References