<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML ><HEAD ><TITLE >Adding MIME and Filetype Checks</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Spam Filtering for Mail Exchangers" HREF="index.html"><LINK REL="UP" TITLE="Exim Implementation" HREF="exim.html"><LINK REL="PREVIOUS" TITLE="Adding SPF Checks" HREF="exim-spf.html"><LINK REL="NEXT" TITLE="Adding Anti-Virus Software" HREF="exim-av.html"></HEAD ><BODY CLASS="section" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Spam Filtering for Mail Exchangers: </TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="exim-spf.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Appendix A. Exim Implementation</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="exim-av.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="section" ><H1 CLASS="section" ><A NAME="exim-mime" ></A >A.8. Adding MIME and Filetype Checks</H1 ><P > These checks depend on features found in Tom Kistner's <TT CLASS="option" >Exiscan-ACL</TT > patch - see <A HREF="exim-prereq.html" >Prerequisites</A > for details. </P ><P > Exiscan-ACL includes support for MIME decoding, and file name suffix checks (or to use a misnomer from the Windows world, <SPAN CLASS="QUOTE" >"file extension"</SPAN > checks). This check alone will block most Windows virii - but not those that are transmitted in <TT CLASS="option" >.ZIP</TT > archives or those that exploit Outlook/MSIE HTML rendering vulnerabilities - see the discussion on <A HREF="datachecks.html#virusscanners" >Virus Scanners</A >. </P ><P > These checks should go into <A HREF="exim-firstpass.html#acl_data_1" >acl_data</A >, before the final <TT CLASS="option" >accept</TT > statement: <TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="screen" > # Reject messages that have serious MIME errors. # deny message = Serious MIME defect detected ($demime_reason) demime = * condition = ${if >{$demime_errorlevel}{2}{1}{0}} # Unpack MIME containers and reject file extensions used by worms. # This calls the demime condition again, but it will return cached results. # Note that the extension list may be incomplete. # deny message = We do not accept ".$found_extension" attachments here. demime = bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs:url </PRE ></FONT ></TD ></TR ></TABLE > </P ><P > You will note that the <TT CLASS="option" >demime</TT > condition is invoked twice in the example above. However, the results are cached, so the message is not actually processed twice. </P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="exim-spf.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="exim-av.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Adding SPF Checks</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="exim.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Adding Anti-Virus Software</TD ></TR ></TABLE ></DIV ></BODY ></HTML >