The aim is to have a table containing a list of regexes that are matched against MIME filenames. If a filename matches, the message is rejected with an error from the table.
To do this, put the following in your acl_smtp_mime:
deny
message = Bad attachment filename ($mime_filename): $acl_m0
set acl_m0 = ${lookup {$mime_filename} \
nwildlsearch {/etc/exim/mime_regexes} }
condition = ${if def:acl_m0 }

The file mime_regexes contains entries like:
^.*\.exe executable files are dangerous in email
^.*\.scr screensavers are dangerous in email
^.*\s{10} possible file type hiding attack
^.{50} excessively long

Or you can just put it all in one rule:
deny message = Unwanted file extension ($found_extension) demime = bat:com:lnk:pif:scr:vbs:ade:adep:asd:chm:cmd:cpl:crt:dll:hlp:hta:inf:isp:jse:ocx:pcd:reg:url
The configuration above works without exim.checkpkt.sh. To also filter inside archive (zip) files, add the following to the configuration file:
deny demime = zip:rar:arj:tar:tgz:gz:bz2
condition = ${run{/usr/bin/exim.checkpkt.sh $message_exim_id ${lc:$found_extension}}{no}{yes}}
message = This message contains an unwanted binary Attachment in ${uc:$found_extension} file.
delay = 15s

The script exits 0 when nothing objectionable is found, so ${run} expands to "no" and the deny does not fire; any non-zero exit status expands to "yes" and the message is rejected. The content of the exim.checkpkt.sh file is:
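#!/bin/sh
#
# exim.checkpkt.sh - inspect the extracted archive attachments of one message.
#
# Invoked from the Exim ACL as
#   ${run{/usr/bin/exim.checkpkt.sh $message_exim_id ${lc:$found_extension}}{no}{yes}}
# Arguments: $1 - Exim message id; its extracted attachments are expected in
#                 /var/spool/exim/scan/$1
#            $2 - attachment extension passed by the ACL (not used here)
# Exit status: 0  nothing objectionable found (${run} yields "no", the deny
#                 does not fire)
#              1  reject the message
# Every error path must exit non-zero: exiting 0 after a failure would let the
# message through unchecked.

# Extensions of executable/script content that must not be carried inside an archive
EXTENS='(ad[ep]|asd|ba[st]|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|in[fs]|isp|jse?|jar|lnk|md[bez]|ms[cipt]|ole|ocx|pcd|pif|reg|sc[rt]|sh[sb]|sys|url|vb[es]?|vxd|ws[cfh]|cab)'
# Archive formats this script knows how to open (keep in sync with the case
# statement below)
COMPAC='(zip|rar|arj|tgz|tar|gz|bz2)'
# Archives nested inside archives are rejected as well, so member names are
# matched against both sets.  The dot is required: "a.exe" matches, "aexe" does not.
EXTENS='[.]('"${EXTENS}"'|'"${COMPAC}"')'
readonly EXTENS COMPAC

#######################################
# Succeed (status 0) when the member names read from stdin, one per line,
# include a forbidden extension.
#######################################
lists_forbidden() {
  grep -E -i -q "${EXTENS}\$"
}

# Fail closed: a missing or malformed message id, or a scan directory that
# cannot be entered, leaves nothing to inspect, and accepting the message would
# skip the check entirely.
# NOTE(review): Exim message ids are expected to be letters, digits and
# hyphens only - confirm for the installed Exim version before tightening further.
case "$1" in
  ''|*[!A-Za-z0-9-]*) exit 1 ;;
esac
cd "/var/spool/exim/scan/$1" || exit 1

# Glob instead of parsing ls, so names with blanks or glob characters are
# handled as single words.
for f in *; do
  [ -f "$f" ] || continue
  # Lower-case the name once so the case patterns below stay simple.
  name=$(printf '%s' "$f" | tr '[:upper:]' '[:lower:]')
  case "$name" in
    *.zip)
      # A corrupt or truncated archive cannot be inspected: reject it.
      # stdin is /dev/null so the tools never block on an interactive prompt.
      unzip -t "$f" </dev/null >/dev/null 2>&1 || exit 1
      if zipinfo -1 "$f" </dev/null 2>/dev/null | lists_forbidden; then
        exit 1
      fi
      ;;
    *.rar)
      unrar t "$f" </dev/null >/dev/null 2>&1 || exit 1
      # "lb" prints bare member names one per line, so a name containing
      # whitespace is matched whole instead of being cut at the first blank.
      if unrar lb "$f" </dev/null 2>/dev/null | lists_forbidden; then
        exit 1
      fi
      ;;
    *.arj)
      unarj t "$f" </dev/null >/dev/null 2>&1 || exit 1
      # NOTE(review): assumes the member name is the first column of
      # "unarj l"; a name containing whitespace is truncated at the first
      # blank before matching - confirm against the installed unarj.
      if unarj l "$f" </dev/null 2>/dev/null | awk '{ print $1 }' | lists_forbidden; then
        exit 1
      fi
      ;;
    *.tar)
      # tar -t prints one member name per line; it must not be cut at
      # whitespace, and a .tar that cannot be listed is rejected.
      listing=$(tar --list -f "$f" 2>/dev/null) || exit 1
      if printf '%s\n' "$listing" | lists_forbidden; then
        exit 1
      fi
      ;;
    *.tgz|*.gz)
      gzip -t "$f" >/dev/null 2>&1 || exit 1
      # A .gz that is not a tarball produces no listing and is accepted,
      # as before.
      if tar --list -zf "$f" 2>/dev/null | lists_forbidden; then
        exit 1
      fi
      ;;
    *.bz2)
      bzip2 -t "$f" >/dev/null 2>&1 || exit 1
      if tar --list -jf "$f" 2>/dev/null | lists_forbidden; then
        exit 1
      fi
      ;;
  esac
done
exit 0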
