(* Test_Mailscanner_Rules: get-direction test for Mailscanner_Rules.lns.

   conf is a sample MailScanner filename-rules file. Each rule line carries
   four fields, which the expected tree names action, regex, log-text and
   user-report. Lines starting with # are expected as #comment nodes.

   Cases the fixture exercises, as visible below:
     - the plain actions rename, deny, allow and deny+delete
     - an action that is an e-mail address list, once comma-separated and
       once space-separated; the expected tree keeps the list verbatim as
       the action value
     - the multi-word action rename to .ppt
     - a - placeholder in a text field, kept as the literal value -
     - a regex with alternation and a {3} quantifier, kept verbatim

   NOTE(review): the number at the start of each line is a listing gutter
   number, and the sequence skips values (4, 12-13, 16, ...), so parts of
   the file are not shown here. Not visible, for example: the end of the
   conf string, whatever groups the four nodes of one rule, the action node
   for the .ico rule and the log-text node for the allow rule. Confirm
   against the full file before relying on this tree.

   NOTE(review): log-text and user-report contain spaces, so the field
   separator in the real fixture is presumably a tab; verify that
   whitespace was not collapsed in this copy.

   NOTE(review): this test pins parsing only. Nothing visible here checks
   that an action value is one MailScanner accepts; confirm whether the
   lens restricts the action field, since these rules act as an attachment
   filter. *)
1 module Test_Mailscanner_Rules =
2 let conf = "# JKF 10/08/2007 Adobe Acrobat nastiness
3 rename \.fdf$ Dangerous Adobe Acrobat data-file Opening this file can cause auto-loading of any file from the internet
5 # JKF 04/01/2005 More Microsoft security vulnerabilities
6 deny \.ico$ Windows icon file security vulnerability Possible buffer overflow in Windows
7 allow \.(jan|feb|mar|apr|may|jun|june|jul|july|aug|sep|sept|oct|nov|dec)\.[a-z0-9]{3}$ - -
8 deny+delete \.cur$ Windows cursor file security vulnerability Possible buffer overflow in Windows
9 andrew@baruwa.com,andrew@baruwa.net \.reg$ Possible Windows registry attack Windows registry entries are very dangerous in email
10 andrew@baruwa.com andrew@baruwa.net \.chm$ Possible compiled Help file-based virus Compiled help files are very dangerous in email
11 rename to .ppt \.pps$ Renamed .pps to .ppt Renamed .pps to .ppt
14 test Mailscanner_Rules.lns get conf =
15 { "#comment" = "JKF 10/08/2007 Adobe Acrobat nastiness" }
17 { "action" = "rename" }
18 { "regex" = "\.fdf$" }
19 { "log-text" = "Dangerous Adobe Acrobat data-file" }
20 { "user-report" = "Opening this file can cause auto-loading of any file from the internet" }
23 { "#comment" = "JKF 04/01/2005 More Microsoft security vulnerabilities" }
26 { "regex" = "\.ico$" }
27 { "log-text" = "Windows icon file security vulnerability" }
28 { "user-report" = "Possible buffer overflow in Windows" }
31 { "action" = "allow" }
32 { "regex" = "\.(jan|feb|mar|apr|may|jun|june|jul|july|aug|sep|sept|oct|nov|dec)\.[a-z0-9]{3}$" }
34 { "user-report" = "-" }
37 { "action" = "deny+delete" }
38 { "regex" = "\.cur$" }
39 { "log-text" = "Windows cursor file security vulnerability" }
40 { "user-report" = "Possible buffer overflow in Windows" }
43 { "action" = "andrew@baruwa.com,andrew@baruwa.net" }
44 { "regex" = "\.reg$" }
45 { "log-text" = "Possible Windows registry attack" }
46 { "user-report" = "Windows registry entries are very dangerous in email" }
49 { "action" = "andrew@baruwa.com andrew@baruwa.net" }
50 { "regex" = "\.chm$" }
51 { "log-text" = "Possible compiled Help file-based virus" }
52 { "user-report" = "Compiled help files are very dangerous in email" }
55 { "action" = "rename to .ppt" }
56 { "regex" = "\.pps$" }
57 { "log-text" = "Renamed .pps to .ppt" }
58 { "user-report" = "Renamed .pps to .ppt" }