Mailing List CGatePro@mail.stalker.com Message #92981
From: Tom Reppen <tom.reppen@mirusbio.com>
Subject: RE: Bypass RFC Banned Body lines
Date: Fri, 19 Oct 2007 16:30:13 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Thanks, I'll give that a shot.  I like his CGPClamAV filter, he does
good work.



-----Original Message-----
From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On
Behalf Of Paul Chauvet
Sent: Friday, October 19, 2007 4:02 PM
To: CommuniGate Pro Discussions
Subject: Re: Bypass RFC Banned Body lines

On Fri, 2007-10-19 at 15:35 -0500, Tom Reppen wrote:
> CGP 5.0.13
>
> I use the RFC822 Receiver to block certain attachment types.  Is it
> possible to allow certain hosts to bypass that filter by whitelisting
> them?
> Or another way to put it, I block .zip files and we have a customer
> that "needs" to send us zipped attachments.  I believe I started blocking
> them a few years ago when there was a Bagle variant that was sending
> infected .zip's but is that even relevant today?  Do most places allow
> .zip's now?  Is the .zip file still a relevant avenue of attack?  Any
> input appreciated.
>
> Tom
>
I would recommend not using the RFC822 receiver to block attachment
types (I'm not a big fan of it at all - there really is no flexibility).

Nicolas Hatier has a great 'Find Attachments' external filter.  He has a
free version and a paid version (which we purchased due to the increased
processing speed).  You can get it from niversoft.com.

You can use this to add headers to each attachment type, then you can
craft rules to deal with them.

In your case you would have something like:
Header Field: is X-ATTACHEXT: ZIP
Return Path: not in list of senders you want to allow to e-mail you

Actions:
Reject/Discard/Whatever



--
------------------------------------------
Paul Chauvet
UNIX/Linux Systems Administrator
State University of New York at New Paltz
845-257-3828
chauvetp@newpaltz.edu
------------------------------------------
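
The rule sketched above, modelled in Python as an added example (not part of the original thread, and not CommuniGate Pro or niversoft code). It assumes the external filter adds one X-ATTACHEXT header per attachment, as in the post; the allow-list address and the sample messages are constructed. Return-Path is supplied by the sending side, so the allow list is an exception list rather than proof of who sent the message.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow list of envelope senders permitted to send .zip files.
ZIP_ALLOWED_SENDERS = {"files@customer.example"}


def decide(raw_message, allowed=ZIP_ALLOWED_SENDERS):
    """Return 'reject' or 'accept' for one message under the rule above."""
    msg = message_from_string(raw_message)
    # Assumption: one X-ATTACHEXT header per attachment; compare case-insensitively.
    exts = {v.strip().upper() for v in msg.get_all("X-ATTACHEXT", [])}
    if "ZIP" not in exts:
        return "accept"  # rule condition 1 not met: no zip attachment
    # Return-Path can be "<addr>" or "<>" (bounces); parseaddr gives "" for "<>".
    sender = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Rule condition 2: sender is NOT in the allow list -> reject.
    return "accept" if sender in allowed else "reject"


def build(return_path, exts):
    """Build a constructed sample message as the filter might hand it to the rule."""
    lines = [f"Return-Path: {return_path}"]
    lines += [f"X-ATTACHEXT: {e}" for e in exts]
    lines += ["Subject: constructed sample", "", "body"]
    return "\n".join(lines)


# Constructed samples covering the cases the rule has to get right.
SAMPLES = {
    "allowed customer, zip": build("<Files@Customer.example>", ["ZIP"]),
    "unknown sender, pdf + zip": build("<someone@elsewhere.example>", ["pdf", "zip"]),
    "bounce (empty Return-Path), zip": build("<>", ["ZIP"]),
    "unknown sender, no zip": build("<someone@elsewhere.example>", ["PDF"]),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {decide(raw)}")
```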

