RE: qmail file filter

From: Andrew Blogg (apblogg@bigpond.net.au)
Date: 10/09/01 

From: "Andrew Blogg" <apblogg@bigpond.net.au>
To: <sopapa@ciudad.com.ar>, <focus-linux@securityfocus.com>
Subject: RE: qmail file filter 
Date: Tue, 9 Oct 2001 14:29:12 +1000
Message-ID: <ABEHIEMPMFDBEHPCKHOLKEMJCAAA.apblogg@bigpond.net.au>

I have done this in a round about way..

Say for a user, in their .qmail file, you have the following

-
#cat .qmail-user
./Maildir/
-

What you can do, is insert at the top of the .qmail files, something like
this.

-
#cat .qmail-user
fileextcheck
./Maildir/
-

Where fileextcheck is the following.

-
#cat /var/qmail/bin/fileextcheck
#!/usr/local/bin/perl
$count = 0;
sub errormsg
     {
        print '

        It appears you have attempted to send either a VBS Script, an
Executable File, or a Screen Saver file,
        which are all likely to be infected by virii.

        Because of this, your message will not be delivered to the
recipient - $RECIPIENT, or as shown below.

        Please clean your computer of any virus\'s and/or refrain from
sending messages, which contain such attachments.

        For Anti Virus software, please check sites such as www.mcafee.com,
www.norton.com, etc.

        If you *must* send a file as described above, and beleive it to be
virus free, we suggest compressing the file
        with a utility such as Winzip. ( www.winzip.com ).

        --- message delivery failed.

        ';
        exit(100);
     };

sub cleanmsg
    {
        exit(0);
    };

sub extcheck
    {
        /.*.[Vv][Bb][Ss]/ && errormsg;
        /.*.[Cc][Oo][Mm]/ && errormsg;
        /.*.[Ee][Xx][Ee]/ && errormsg;
        /.*.[Cc][Hh][Mm]/ && errormsg;
        /.*.[Ss][Cc][Rr]/ && errormsg;
        /.*.[Hh][Tt][Aa]/ && errormsg;
        /.*.[Vv][Bb][Ee]/ && errormsg;
        /.*.[Ss][Hh][Ss]/ && errormsg;
        /.*.[Bb][Aa][Tt]/ && errormsg;
     };

while (<STDIN>)
        {
        /.*filename=.*/ && extcheck; # If 'filename' matches, then
search it for matching file extensions..
        /^$^$/ && cleanmsg;
        };
-

You can do the same principle with domains that are being forwarded to other
mail servers with .qmail-default files for the domain etc as well.

Hope this will help.

-
Andrew

-----Original Message-----
From: Paul Lussier [mailto:pll@mclinux.com]
Sent: Saturday, 6 October 2001 5:34 AM
To: sopapa@ciudad.com.ar
Cc: focus-linux@securityfocus.com
Subject: Re: qmail file filter

In a message dated: Wed, 03 Oct 2001 17:11:03 -0300
Alejandro Perretta said:

>Anyone knows a way to filter files by extension? ex. *.vbs *.exe.
>I use qmail with Maildir.....

If qmail can work with procmail then use that. Otherwise you can
roll your own by writing a perl filter using the Mail::Audit module. 

--

Seeya,
Paul
----

			  God Bless America!

	...we don't need to be perfect to be the best around,
		and we never stop trying to be better.
		       Tom Clancy, The Bear and The Dragon