Exim acl_check_mime and zip file extension

Question

Damn spammers.

We implemented this a few weeks ago to great effect:

deny message = Blacklisted file extension detected
   condition = ${if match \
                    {${lc:$mime_filename}} \
                    {\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com|\.zip)$\N} \
                 {1}{0}}

It has hugely reduced the amount of spam, but they have suddenly worked around it by sending documents with an attachment name of "& # 1057 ; opy_of_document_SER176.zip" (without spaces)

which with the character encoding seems to evade the $mime_filename check.

Any suggestions as to how to fully block ANY file with a zip extension, regardless of the encoding in the name?

score 1 · Accepted Answer · answered Jun 30 '14 at 20:39

So after a bit of searching, I've gone with a slightly different approach.

deny message = Blacklisted file extension type detected
   condition = ${if eq {$mime_content_type}{application/x-zip-compressed}{1}{0}}

I'm sure they'll get wise to this too, but certainly blocking plenty at the moment.

Exim acl_check_mime and zip file extension

1 Answers1