687
edits
Changes
From SME Server
Jump to navigationJump to searchCreated page with "<span id="_top">Qpsmtpd#Plugins</span> = NAME = exe_filter = DESCRIPTION = exe_filter blocks executable (and other) attachments by matching the ..."
<span id="_top">[[Qpsmtpd#Plugins]]</span>
= [[#___top|NAME]] =
exe_filter
= [[#___top|DESCRIPTION]] =
exe_filter blocks executable (and other) attachments by matching the first body line of each MIME part in a message against a set of known signatures. If a match is found, the email is denied.
Signatures are stored one per line in signature files in the qpsmtpd config directory. exe_filter currently supports 'signature_exe' and 'signature_zip' files.
This version uses Simon Cozen's Email::MIME module, rather than reimplementing the MIME wheel.
= [[#___top|CONFIG]] =
The following parameters can be passed to exe_filter, or set in a 'exe_filter' config file.
<dl>
<dt>check <suffixes>
<dd><p>where <suffixes> is a comma-separated list of suffixes to check e.g.</p>
<pre> check exe,zip</pre>
<p>A corresponding 'signature_<suffix>' file should exist for each supplied suffix.</p>
<p>Default: 'check exe'.</p>
<p>Note: this argument used to be called 'deny', which is now deprecated but still functional.</p>
<dt>action <action>
<dd><p>The action to take when a signature match is found. Valid values are 'deny' (the default), to DENY the mail, and 'note', to record a transaction note for some later plugin (and then DECLINE). If action is 'note', the default note name is 'virus_score', with a default value of 1. These defaults can be modified using an extended note syntax - 'note:NAME=VALUE' e.g.</p>
<pre> action note:virus_score=1 # default settings
action note:exe_filter=virus_found # random example</pre>
<p>Numeric note values are accumulated, not replaced.</p>
<p>Default: 'action deny'.</p></dl>
The following parameter can be passed to exe_filter in config/plugins (but not set via a config file):
; per_recipient 1
: Allow per-recipient configs to be used (using the per_user_config plugin). Default: 0.
= [[#___top|BUGS AND LIMITATIONS]] =
exe_filter is a simple mime part filter - it does not unpack and scan archives for executables like a full-blown virus scanner. Likewise, zip filtering blocks *all* zip files, not just those that contain a virus. You should use a proper virus scanner if that's what you need.
exe_filter slurps the entire email into memory and uses Email::MIME to do the mime parsing, so it's reasonably memory hungry. You may find you need to increase your memory softlimits if running under tcpserver.
Because exe_filter is a post_data plugin, it cannot handle different configurations in per_recipient mode. This means that if you want to use per_recipient configurations, you should also enforce that only compatible recipients occur in a single mail (e.g. using a plugin like denysoft_multi_rcpt).
= [[#___top|AUTHOR]] =
Written by Gavin Carr <gavin@openfusion.com.au>, inspired by Russ Nelson's viruscan patch to qmail-smtpd (http://www.qmail.org/qmail-smtpd-viruscan-1.2.patch).
<!-- Generated Sun Jul 30 08:25:28 EDT 2017 using
perldoc -T -ohtml /usr/share/qpsmtpd/plugins/exe_filter |pandoc -f html -t mediawiki |sed 1 i\\n\n\n<span id="_top">[[Qpsmtpd#Plugins]]</span> |sed -e s#</d.>##
-->
----
[[Category:Qpsmtpd|exe_filter]]
= [[#___top|NAME]] =
exe_filter
= [[#___top|DESCRIPTION]] =
exe_filter blocks executable (and other) attachments by matching the first body line of each MIME part in a message against a set of known signatures. If a match is found, the email is denied.
Signatures are stored one per line in signature files in the qpsmtpd config directory. exe_filter currently supports 'signature_exe' and 'signature_zip' files.
This version uses Simon Cozen's Email::MIME module, rather than reimplementing the MIME wheel.
= [[#___top|CONFIG]] =
The following parameters can be passed to exe_filter, or set in a 'exe_filter' config file.
<dl>
<dt>check <suffixes>
<dd><p>where <suffixes> is a comma-separated list of suffixes to check e.g.</p>
<pre> check exe,zip</pre>
<p>A corresponding 'signature_<suffix>' file should exist for each supplied suffix.</p>
<p>Default: 'check exe'.</p>
<p>Note: this argument used to be called 'deny', which is now deprecated but still functional.</p>
<dt>action <action>
<dd><p>The action to take when a signature match is found. Valid values are 'deny' (the default), to DENY the mail, and 'note', to record a transaction note for some later plugin (and then DECLINE). If action is 'note', the default note name is 'virus_score', with a default value of 1. These defaults can be modified using an extended note syntax - 'note:NAME=VALUE' e.g.</p>
<pre> action note:virus_score=1 # default settings
action note:exe_filter=virus_found # random example</pre>
<p>Numeric note values are accumulated, not replaced.</p>
<p>Default: 'action deny'.</p></dl>
The following parameter can be passed to exe_filter in config/plugins (but not set via a config file):
; per_recipient 1
: Allow per-recipient configs to be used (using the per_user_config plugin). Default: 0.
= [[#___top|BUGS AND LIMITATIONS]] =
exe_filter is a simple mime part filter - it does not unpack and scan archives for executables like a full-blown virus scanner. Likewise, zip filtering blocks *all* zip files, not just those that contain a virus. You should use a proper virus scanner if that's what you need.
exe_filter slurps the entire email into memory and uses Email::MIME to do the mime parsing, so it's reasonably memory hungry. You may find you need to increase your memory softlimits if running under tcpserver.
Because exe_filter is a post_data plugin, it cannot handle different configurations in per_recipient mode. This means that if you want to use per_recipient configurations, you should also enforce that only compatible recipients occur in a single mail (e.g. using a plugin like denysoft_multi_rcpt).
= [[#___top|AUTHOR]] =
Written by Gavin Carr <gavin@openfusion.com.au>, inspired by Russ Nelson's viruscan patch to qmail-smtpd (http://www.qmail.org/qmail-smtpd-viruscan-1.2.patch).
<!-- Generated Sun Jul 30 08:25:28 EDT 2017 using
perldoc -T -ohtml /usr/share/qpsmtpd/plugins/exe_filter |pandoc -f html -t mediawiki |sed 1 i\\n\n\n<span id="_top">[[Qpsmtpd#Plugins]]</span> |sed -e s#</d.>##
-->
----
[[Category:Qpsmtpd|exe_filter]]
