[Content filter] Reject dangerous attachments



ICEWARP_BRAZIL
06-20-2011, 10:41 AM
- We don't accept executable attachments, please zip your file. Use this as a title so it's shown to users upon rejection.

The condition on the attachment uses a regex, so it checks whether the suffix is at the end. So it accepts file.com.doc, but rejects file.doc.com.

Where Attachment name matches \.ade$|\.adp$|\.bat$|\.cmd$|\.com$|\.cpl$|\.crt$|\.exe$|\.hlp$|\.hta$|\.inf$|\.ins$|\.isp$|\.js$|\.jse$|\.mde$|\.msc$|\.msi$|\.msp$|\.mst$|\.pcd$|\.pif$|\.reg$|\.scr$|\.sct$|\.shs$|\.vb$|\.vbe$|\.vbs$|\.wsc$|\.wsf$|\.wsh$
Reject message
and Stop processing more rules
and Forward to cfauditsexe@mydomain.com

The big challenge is how to really detect file types so users don't rename the suffix and it passes...
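An added example, not part of the original post and not IceWarp's own code: the suffix rule above paired with a content check that recognises a Windows PE binary from its header, so a renamed executable is still rejected. The function names are hypothetical, and case-insensitive matching is an assumption of this sketch.

```python
import re
import struct

# Suffix list taken from the rule in the post. IGNORECASE is an assumption of
# this sketch; the post does not say whether the server's matcher ignores case.
SUFFIXES = ("ade adp bat cmd com cpl crt exe hlp hta inf ins isp js jse mde "
            "msc msi msp mst pcd pif reg scr sct shs vb vbe vbs wsc wsf wsh")
NAME_RE = re.compile(r"\.(?:%s)$" % "|".join(SUFFIXES.split()), re.IGNORECASE)


def name_blocked(filename):
    """True when the file name ends in one of the blocked suffixes."""
    return NAME_RE.search(filename) is not None


def is_pe(content):
    """True when the bytes carry a DOS 'MZ' header that points at a PE signature.

    Covers exe/dll/scr/cpl binaries whatever they are named. Script types on the
    list (bat, cmd, js, vbs, ...) are plain text with no signature, so only the
    name check can catch those.
    """
    if len(content) < 0x40 or content[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", content, 0x3C)
    return content[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def verdict(filename, content):
    """Hypothetical helper combining both checks into a filter decision."""
    if name_blocked(filename):
        return "reject: blocked suffix"
    if is_pe(content):
        return "reject: PE executable content"
    return "accept"


# Constructed sample: the smallest header that satisfies is_pe, not a real program.
PE_SAMPLE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"

if __name__ == "__main__":
    for name, data in [("file.com.doc", b"plain text"),
                       ("file.doc.com", b"plain text"),
                       ("invoice.doc", PE_SAMPLE),
                       ("notes.txt", b"MZ is how this memo starts")]:
        print(name, "->", verdict(name, data))
```

Checking for the PE signature at the offset stored in the MZ header, rather than the two letters "MZ" alone, keeps ordinary text that happens to start with those letters from being rejected.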