Exim and rejected executable attachments

[GoranTornqvist]

Hello,
I have a question for you guys about this Exim-message which is returned when someone mails an executables attachment to our DA-server:

This message has been rejected because it has
a potentially executable attachment "file.mdb"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it."

I'm unsure if it's a good thing that these e-mails are blocked and if was thinking of the pros and cons when it comes to removing this filter.
It's good that potentially harmful files, like viruses, get blocked. But it also blocks legitimate attachments and causing "problems" for some of our customers (the problem is they´re to lazy to pack the file and resend it hehe).

What are your thoughts about this "setting", have you disabled it on your server or is it enabled? Why?
Is there a way to only block files that really are executables, like .exe and .vbs files?

I rather leave this setting as it is but then I need a good answer for my customers

 

[albatroz]

Hi,
Does anybody have an update on this?

I need to unblock the delivery of *.mdb
file attachments...

 

[GoranTornqvist]

I solved it...

in: /etc/system_filter.exim

There is a lot of sections like this:

if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|cmd|com|cpl|crt|exe|hlp|hta|in[fs]|isp|jse?|ms[ci$
then
fail text "This message has been rejected because it has\n\
potentially executable content $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."
seen finish
endif

Make sure you remove the mdb and mbe filetypes...in ALL the sections...there's more than one.

I think it lookes like this:

md[be]