#!/bin/sh # # qmail -- checkattach # Author: Noel G. Mistula # Date: 28 June 1999 Version: 0.1 # I appreciate any comment to this quick and dirty way of filtering attachment. # # Modified: 7 July 1999 Version: 0.3 # Modified: 7 May 2000 Version: 0.4 # This is release under the GNU/GPL. # This is a very crude program. Use at your own risk. # This will bounce incoming email with executable, # video and other attachments. Just remove/add # whichever filetype (e.g. EXE, AVI, COM) is required. # # I use this in a user's .qmail file # by adding the line # |/usr/local/bin/checkattach # before the ./Maildir/ # # Make sure to chmod 555 /usr/local/bin/checkattach # so that qmail users can execute it. # Start program here. ### This part is the new version (ver. 0.3) printmsg () { echo "The reason your email was rejected is you sent an attachment that can cause problems." echo "Sorry, the attachment you sent is in violation of our company's policy because it can cause problems like virus, or increase traffic load, or delete file(s) and/or among others." echo "Please disable HTML formatting when sending email because Visual Basic Script Worms/Virus normally exploits this." echo "--- Attachment filetype you sent is $ATTYPE" } # # Check for NOT allowed attachment. # Here you can include more filetype you want. # checktype () { case $ATTYPE in VBS | VBE | JSE | CSS | WSH | SCT | HTA | VXD | EXE | HTM | DOT | HLP | PAK | DAT | PCX | PPS | COM | BAT | CMD | AVI | MOV | RAM | OCX | CAB | SHS | CLA | RA | BMP | MPE | MPG | MP3 | MP4 | WAV | AUD | AU | DLL) printmsg $ATTYPE exit 100;; *) ;; esac } #ATTACHTYPE=`grep "filename=" - | gawk '{split($NF, results, "."); r=toupper(results[2]); print r}' | cut -c -3` ####Below doesn't work if more than 2 fields in name= #ATTACHTYPE=`grep "name=" - | gawk '{split($NF, results, "."); r=toupper(results[3]); print r}' | cut -c -3` #### End of ver. 0.3 ####Below works OK ## This part is recently modified (7may2000) because I noticed that the gawk part in the ## ATTACHTYPE above, doesn't properly check when you have a filename like ## THIS.IS.A.VBS.VIRUS.txt.vbs ## The ATTACHTYPE below resolves this problem ;). ATTACHTYPE=`grep "name=" - | gawk 'BEGIN {FS="."}; {print toupper($NF)}' | cut -c -3` for ATTYPE in $ATTACHTYPE do checktype $ATTYPE done #### End of ver. 0.4 exit 0