Gossamer Forum
Home : Products : Gossamer Mail : Discussion :

Blocking Msgs with .scr & .pif attachments?

Quote Reply
Blocking Msgs with .scr & .pif attachments?
hi,

does anyone know of a way to block, delete or reject all emails with a .pif or .scr attachment? need a solution urgently!

thanks,

regan.
Quote Reply
Re: [ryel01] Blocking Msgs with .scr & .pif attachments? In reply to
If I'm running a virus scanner on my system, is the idea to scan the msgs directory of my GM install for infected emails and have the scanner delete them? Will this upset any database structure used by GM for storing attachments if they no longer exist?

thanks,

regan.
Quote Reply
Re: [ryel01] Blocking Msgs with .scr & .pif attachments? In reply to
It's a better idea to have your scan for virii before they get delivered to the catchall.

Adrian
Quote Reply
Re: [ryel01] Blocking Msgs with .scr & .pif attachments? In reply to
That's something we've added to 2.2.0. I'll have to take a look at how easy it would be to rip it out and add to a current install. I don't think it will be trivial though Unsure

Adrian
Quote Reply
Re: [brewt] Blocking Msgs with .scr & .pif attachments? In reply to
hi adrian,

if I run a virus scanner over the files of my GM install, would there be any problems if it deleted any infected files from the hard drive? - for example, would it stuff it in any way with the attachments logged in the database?

i'm trying to figure out how to pipe my incoming email through the visrus scanner but can't get it to write the mail file again... that would be another solution.

regan.
Quote Reply
Re: [ryel01] Blocking Msgs with .scr & .pif attachments? In reply to
I believe you'll get errors when a user tries to download the attachment, which isn't a bad thing, since they shouldn't be opening virii anyways Smile

Adrian
Quote Reply
Re: [brewt] Blocking Msgs with .scr & .pif attachments? In reply to
ok, I might give that a go - some of my users are being bombarded by emails and I'm not sure how to stop it. Unsure

regan.
Quote Reply
Re: [ryel01] Blocking Msgs with .scr & .pif attachments? In reply to
I use the following in my /etc/procmailrc file:

Code:
## catch virus attachments
:0 B:
* name=.*(\.pif|\.bat|\.vbs|\.exe|\.scr)
/dev/null

If you have procmail installed and configured with sendmail (maybe other MUAs as well, not sure), it will catch any attachments with the extensions listed. Note that this will also trash windows executables so you might want to take that part out. It is pretty effective. I tested the script for a long time by redirecting mail to a special account so that I could review what was being caught. The only false positives were when someone tried to send an uncompressed executable to a user.

If you don't have access to the /etc directory you should be able to put the same thing in a local .procmailrc file (ie for accounts on a shared server).

It has saved me from gigabytes of sobig virii infected messages over just the last couple of weeks.
Michael Coyne
seaturtle.org
Quote Reply
Re: [ryel01] Blocking Msgs with .scr & .pif attachments? In reply to
I have exim set up on my dedicated server which runs WHM/Cpanel and it nukes the email and the attachment if the file name is:



exe, .pif, or .scr



I ain't changing it for GM users and it works fine. Teach the folks to zip these, scan the zips and then send to their friends.

geek/talk Forums @ GeekVillage.com
Quality Forums For Webmasters & Merchants

Quote Reply
Re: [brewt] Blocking Msgs with .scr & .pif attachments? In reply to
 
thanks to everyone for the suggestions - I've got it sorted running a virus scanner and also spam assassin over the weekend.

cheers!

regan.