ozgurerdogan
Unfortunately clamd does not detect js files inside zip files, and those attachments may be hard to filter. So I want to find an easier solution to block certain files, but so far it does not seem to be working. I see many threads say it works well. Can you please take a look:
In exim.conf, I added the below right after "check_message:"
Code:
  # check attachment
  deny
    message = This message contains an attachment of a type which we do not accept (.$found_extension)
    demime = bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs:url
  # check attachment inside zip file
  deny
    message = Attachment has unsupported file format inside zip file
    log_message = File extension rejected.
    demime = zip
    condition = ${run{/bin/sh -c '/usr/local/sbin/exim_check_zip.sh $message_exim_id'}{0}{1}}
and in exim_check_zip.sh:
Code:
#!/bin/bash
# Exit 1 if a zip attachment of message ${1} contains a blocked file type, else exit 0.
# Stop early if the scan directory for this message does not exist.
cd "/var/spool/exim/scan/${1}" || exit 0
# Walk every file in the scan directory whose name contains ".zip"
for i in $( ls | egrep -i '[.]zip' )
do
  # List the archive, drop the header and footer lines, count blocked extensions
  if [ $( unzip -l "${i}" | \
    tail -n +4 | head -n -2 | \
    egrep -i '[.](bat|btm|cmd|com|cpl|dat|dll|exe|lnk|msi|pif|prf|reg|scr|vb|vbs|url|zip|js)$' | \
    wc -l ) -gt 0 ]
  then
    exit 1
  fi
done
exit 0
and
Code:
chmod +x /usr/local/sbin/exim_check_zip.sh
and restarted exim and sent a zip file containing a .js file.
But it does not seem to be blocking. What am I missing? I suspect the condition part is not running, but I am not sure how to debug / correct it.
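A checker that reports what it found is easier to debug than one that only sets an exit code. The following is an added example, not part of the original post: a Python 3 version of the archive check (the post uses a shell script; Python is a choice made here) that takes the scan directory as its argument and reuses the post's extension list and exit codes. The function names and the policy of treating an unreadable archive as blocked are assumptions of the example.

```python
#!/usr/bin/env python3
"""Exit 1 if a .zip in the given scan directory holds a blocked file type."""
import os
import sys
import zipfile

# Extension list copied from the egrep pattern in the post.
BLOCKED = {"bat", "btm", "cmd", "com", "cpl", "dat", "dll", "exe", "lnk", "msi",
           "pif", "prf", "reg", "scr", "vb", "vbs", "url", "zip", "js"}


def blocked_members(zip_path):
    """Return the member names in zip_path whose extension is in BLOCKED."""
    with zipfile.ZipFile(zip_path) as zf:
        names = zf.namelist()
    hits = []
    for name in names:
        base = name.rsplit("/", 1)[-1]          # drop any folder prefix
        if "." in base and base.rsplit(".", 1)[1].lower() in BLOCKED:
            hits.append(name)
    return hits


def scan(scan_dir):
    """Map each offending archive to its blocked members (None = unreadable)."""
    findings = {}
    for entry in sorted(os.listdir(scan_dir)):  # no word splitting on spaces
        path = os.path.join(scan_dir, entry)
        if not (entry.lower().endswith(".zip") and os.path.isfile(path)):
            continue
        try:
            hits = blocked_members(path)
        except (zipfile.BadZipFile, OSError):
            hits = None                         # example policy: fail closed
        if hits is None or hits:
            findings[entry] = hits
    return findings


def main(argv):
    # Assumed call: <script> /var/spool/exim/scan/<message id>
    if len(argv) != 2 or not os.path.isdir(argv[1]):
        print("scan directory missing:", argv[1:], file=sys.stderr)
        return 0                                # nothing unpacked, nothing to block
    findings = scan(argv[1])
    for archive, hits in findings.items():      # diagnostics for debugging
        print(f"{archive}: {hits or 'unreadable archive'}", file=sys.stderr)
    return 1 if findings else 0                 # same exit codes as the post's script


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```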