Hallo Leute!
Ist zwar eine amavisd-Frage, aber vielleicht kann mir hier geholfen
werden.
Mein Problem:
.exe Dateien in .rar Archiven werden nicht blockiert (nur in .zip
Dateien). Wie kann ich amavisd so konfigurieren, dass .exe Dateien
auch in .rar Archiven geblockt und in Quarantäne geschoben werden.
Hier noch ein Auszug meiner amavisd.conf
$banned_filename_re = new_RE(
### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable
components
qr'^\.(exe-ms|dll)$', # banned file(1) types,
rudimentary
# qr'^\.(exe|lha|cab|dll)$', # banned file(1) types
### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
# [ qr'^\.(gz|bz2)$' => 0 ], # allow any in gzip or
bzip2
[ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in
Unix-type archives
qr'.\.(pif|scr)$'i, # banned extensions -
rudimentary
# qr'^\.zip$', # block zip type
### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within
these archives
qr'^application/x-msdownload$'i, # block these MIME types
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,
# qr'^message/partial$'i, # rfc2046 MIME type
# qr'^message/external-body$'i, # rfc2046 MIME type
# qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile
MIME type
# qr'^\.wmf$', # Windows Metafile file(1)
type
# block certain double extensions in filenames
qr'^(?!cid:).*\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID
CLSID, strict
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension
CLSID, loose
qr'.\.(exe|vbs|pif|scr|cpl)$'i, # banned extension -
basic
# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension -
basic+cmd
#
qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#
inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
# wmf|wsc|wsf|wsh)$'ix, # banned ext - long
# qr'.\.(ani|cur|ico)$'i, # banned cursors and icons
filename
# qr'^\.ani$', # banned animated cursor
file(1) type
# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension -
WinZip vulnerab.
);
--
Mit freundlichen Grüßen
Andreas Wass