herrmann <herrm...@glatz.de> writes:

> I'm used to filtering mails which contain javascript or other kinds of directly
> executable scripts. This is simply done with some regexes in postfix
> body_checks. But for some time now javascript trojans are increasingly being sent
> as base64 encoded html attachments, and in this case my approach to block them
> via simple text analysis fails.
>
> With amavis I can quarantine javascript attachments (.js), I can quarantine
> zipped attachments containing .js files - but I can't see any way to
> quarantine attachments which - after base64-decoding - contain script as pure
> text.
>
> If an attachment in its very nature is a common text file, postfix seems to be
> the first place to do some regex filtering on it. But I guess it's beyond
> postfix's scope to recognize and decode such attachments before regexing. So it
> would be great if they could be filtered with either amavis or with an amavis
> plugin.

Sorry, I am not 100% certain I understand what you want.

Do the $banned_filename_re or $banned_namepath_re amavisd-new perl
settings do what you want?

FYI: You might be better off asking on the amavisd-new user mailing
list, as I get the impression this is a help/support request, not a bug
report.

https://lists.amavis.org/cgi-bin/mailman/listinfo/amavis-users
-- 
Brian May <b...@debian.org>
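
The gap described in the question, as an added example that is not part of the thread and is not amavisd-new or postfix code: a regex over the raw message misses script inside a base64-encoded HTML attachment, while the same regex over each MIME part after transfer decoding finds it. The pattern, function names and sample message are constructed for illustration.

```python
import base64
import re
from email import message_from_bytes, policy

# Hypothetical pattern in the spirit of a body_checks rule (assumption, not from the thread).
SCRIPT_RE = re.compile(r"<script\b|javascript:", re.I)

def scripted_parts(raw: bytes):
    """Return (filename, content_type) for every leaf part whose decoded body matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding.
        payload = part.get_payload(decode=True) or b""
        try:
            text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        except LookupError:  # unknown charset label in the header
            text = payload.decode("latin-1")
        if SCRIPT_RE.search(text):
            hits.append((part.get_filename(), part.get_content_type()))
    return hits

def build_sample() -> bytes:
    """Constructed sample: a plain-text body plus a base64-encoded HTML attachment."""
    html = b'<html><body><script>document.title = "demo";</script></body></html>'
    return (
        b"From: a@example.org\r\nTo: b@example.org\r\nSubject: constructed sample\r\n"
        b"MIME-Version: 1.0\r\n"
        b'Content-Type: multipart/mixed; boundary="BOUND"\r\n\r\n'
        b"--BOUND\r\nContent-Type: text/plain; charset=us-ascii\r\n\r\n"
        b"See attachment.\r\n"
        b'--BOUND\r\nContent-Type: text/html; charset=utf-8; name="invoice.html"\r\n'
        b'Content-Disposition: attachment; filename="invoice.html"\r\n'
        b"Content-Transfer-Encoding: base64\r\n\r\n"
        + base64.encodebytes(html)
        + b"\r\n--BOUND--\r\n"
    )

if __name__ == "__main__":
    raw = build_sample()
    # Raw-text scan, as a line-oriented body check would see the message.
    print("raw scan match:", bool(SCRIPT_RE.search(raw.decode("ascii"))))
    # Scan after MIME parsing and transfer decoding.
    print("decoded scan hits:", scripted_parts(raw))
```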
