Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] Problem with IMAP2 and body_check
  • From: Sven Michels <smichels@xxxxxxxxxxxx>
  • Date: Mon, 07 Jan 2002 12:25:49 +0100
  • Message-id: <3C3985BD.7DF5C0E7@xxxxxxxxxxxx>
Peer-Joachim Koch wrote:
>
> Hi,
>
> we are using the suse IMAP2 mail server. I have added
> a body_check statemant to reject exe and other stuff.
> However it works for outgoing mail, but not for incoming !
> I looked in the mailinglist and tried a few attach_filters,
> but none of them worked.
>
> Any idea ?
>
> system suse imap2 + H+BEDV Antiviren Scanner
> main.cf:
> ----------------------
> ...
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases, ldap:ldapaliases, ldap:ldapml
> body_checks = regexp:/etc/postfix/attach_filter
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> content_filter = smtp:localhost:10024
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> default_destination_concurrency_limit = 10
> default_privs = cyrus
> header_checks = regexp:/etc/postfix/attach_filter
> ....
> ----------------------------
> #cat attach_filter
> /^begin [0-9]+ .*\.(dll|pif|vb|vbe|vbs|exe|com|bat|lnk)/ REJECT

maybe, your attachments are not encoded, try to add:
/^(.*)name\=\"(.*)\.(hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|eml|hlp|spl|swf|shb|vba|dll|reg|ocx|wsf|wsh|lnk)\"$/
REJECT

and don't forget to reload ;)

--
intraDAT AG http://www.intradat.com
Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0
D - 60329 Frankfurt am Main Fax: +49 69-25629-256
Junk mail is war. RFCs do not apply.

< Previous Next >
Follow Ups
References