Re: Attachment Filter

[Elton <ehd@xxxxxxxxxxx>]

I'm not sure this solves your problem, but you can exclude tenon.com (for the list to get by your filter) and local domains in the source.  There can't be many valid users typing "dot-exe" in a string(?), if so exclude their domains; ie:

Source

------

Src.Addr  *tenon.com         NOT AND

Src.Addr  *yourdomain1.com   NOT AND

Src.Addr  *yourdomain2.com   NOT

Destination

-----------

Header

------

Body

----

Text      *phrase1*|*Phrase1|*PHRASE1*  - remember body_filters are case sensitive

Elton

On Wednesday, June 11, 2003, at 04:06 PM, Dan Tappin wrote:

> First off
> can someone point me to the PO list archive - I have lost the
> link.  It is beyond me why Tenon does not post this on their
> site!
>  
> What is the
> best way to filter for attachments?  I have added a body filter
> that traps my specified 3 character file extension but it also traps
> plain text (i.e. *.abc, *.xyz etc).
>  
> For example
> I currently have the following blocked:
>  
> exe
> pif
> scr
>  
> Which works
> great.  All those great Windows bugbear viruses get blocked. 
> The only issue is that if I type star-dot-exe in any message this also
> gets blocked.  I hope this makes sense.  I can't actually
> type an example with out my server blocking it.
>  
> I also tried
> *.*.abc because these viruses hide the real extention behind a fake
> one (i.e. filename.abc.xyz).
>  
> Any ideas /
> suggestions from the list?
>  
> Thanks,
>  
> Dan
>  
> P.S.
>  
> Windows
> sucks :^)