Changes

From SME Server
Jump to navigationJump to search
3,153 bytes added ,  13:26, 30 July 2017
Created page with "<span id="_top">Qpsmtpd#Plugins</span> = NAME = exe_filter = DESCRIPTION = exe_filter blocks executable (and other) attachments by matching the ..."
<span id="_top">[[Qpsmtpd#Plugins]]</span>
= [[#___top|NAME]] =

exe_filter

= [[#___top|DESCRIPTION]] =

exe_filter blocks executable (and other) attachments by matching the first body line of each MIME part in a message against a set of known signatures. If a match is found, the email is denied.

Signatures are stored one per line in signature files in the qpsmtpd config directory. exe_filter currently supports 'signature_exe' and 'signature_zip' files.

This version uses Simon Cozen's Email::MIME module, rather than reimplementing the MIME wheel.

= [[#___top|CONFIG]] =

The following parameters can be passed to exe_filter, or set in a 'exe_filter' config file.

<dl>
<dt>check &lt;suffixes&gt;
<dd><p>where &lt;suffixes&gt; is a comma-separated list of suffixes to check e.g.</p>
<pre> check exe,zip</pre>
<p>A corresponding 'signature_&lt;suffix&gt;' file should exist for each supplied suffix.</p>
<p>Default: 'check exe'.</p>
<p>Note: this argument used to be called 'deny', which is now deprecated but still functional.</p>
<dt>action &lt;action&gt;
<dd><p>The action to take when a signature match is found. Valid values are 'deny' (the default), to DENY the mail, and 'note', to record a transaction note for some later plugin (and then DECLINE). If action is 'note', the default note name is 'virus_score', with a default value of 1. These defaults can be modified using an extended note syntax - 'note:NAME=VALUE' e.g.</p>
<pre> action note:virus_score=1 # default settings
action note:exe_filter=virus_found # random example</pre>
<p>Numeric note values are accumulated, not replaced.</p>
<p>Default: 'action deny'.</p></dl>

The following parameter can be passed to exe_filter in config/plugins (but not set via a config file):

; per_recipient 1
: Allow per-recipient configs to be used (using the per_user_config plugin). Default: 0.

= [[#___top|BUGS AND LIMITATIONS]] =

exe_filter is a simple mime part filter - it does not unpack and scan archives for executables like a full-blown virus scanner. Likewise, zip filtering blocks *all* zip files, not just those that contain a virus. You should use a proper virus scanner if that's what you need.

exe_filter slurps the entire email into memory and uses Email::MIME to do the mime parsing, so it's reasonably memory hungry. You may find you need to increase your memory softlimits if running under tcpserver.

Because exe_filter is a post_data plugin, it cannot handle different configurations in per_recipient mode. This means that if you want to use per_recipient configurations, you should also enforce that only compatible recipients occur in a single mail (e.g. using a plugin like denysoft_multi_rcpt).

= [[#___top|AUTHOR]] =

Written by Gavin Carr &lt;gavin@openfusion.com.au&gt;, inspired by Russ Nelson's viruscan patch to qmail-smtpd (http://www.qmail.org/qmail-smtpd-viruscan-1.2.patch).

<!-- Generated Sun Jul 30 08:25:28 EDT 2017 using
perldoc -T -ohtml /usr/share/qpsmtpd/plugins/exe_filter |pandoc -f html -t mediawiki |sed 1 i\\n\n\n<span id="_top">[[Qpsmtpd#Plugins]]</span> |sed -e s#</d.>##
-->
----
[[Category:Qpsmtpd|exe_filter]]

Navigation menu