Discussion:
block a particular double extension files in amavisd.conf
Indunil Jayasooriya
2016-03-17 05:09:39 UTC
Hi,

I want to block files having double extensions. While users surf the internet,
some files such as *e7ea.tmp.exe* will be automatically downloaded.

e7ea.tmp.exe is ransomware. Attackers can send mails with files of these
types as well.

Now, I want to block files having double extensions, such as filenames in the
*.tmp.exe* format.

I think the regex below is OK to insert into the amavisd.conf file.

qr'.\.(tmp)\.exe$'i,  # block this double extension

Any comment?
--
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html - Download Sinhala
Fonts
Dino Edwards
2016-03-17 08:16:21 UTC
While users surf the Internet? So, not coming through e-mail?
Indunil Jayasooriya
2016-03-17 08:24:41 UTC
Post by Dino Edwards
While users surf the Internet? So, not coming through e-mail?
Your point is OK. But I am afraid that an attacker sends emails to
our domain with those attachments. I want my mail filter to block it.

I want to take an action for it in the future.

Comments?


Dino Edwards
2016-03-17 09:53:14 UTC
The regexp you provided should work in blocking any filename.tmp.exe. The attachment has to follow that exact naming pattern, i.e. it must be *.tmp.exe. Any other variation will not match. This one should work too:

(tmp){1,}.*(exe){1,}





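Added example, not part of any message in the thread: a standalone Perl check that runs the two patterns posted above against constructed attachment names (only e7ea.tmp.exe appears in the thread), so over- and under-matching is visible before a rule goes into amavisd.conf. The name list and the helper banned_by are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The two patterns exactly as posted in the thread.
my @patterns = (
    [ 'anchored' => qr'.\.(tmp)\.exe$'i ],
    [ 'loose'    => qr'(tmp){1,}.*(exe){1,}' ],
);

# Constructed attachment names; only e7ea.tmp.exe comes from the thread.
my @names = (
    'e7ea.tmp.exe',                 # the sample named in the thread
    'INVOICE.TMP.EXE',              # upper-case variant
    '.tmp.exe',                     # nothing in front of ".tmp"
    'report.tmp.exe.zip',           # double extension not at the end
    'tmp_backup_executables.txt',   # harmless name containing "tmp" and "exe"
    'setup.exe',                    # single extension
    'notes.tmp',                    # single extension
);

# Return the labels of every pattern that would ban the given name.
sub banned_by {
    my ($name) = @_;
    return map { $_->[0] } grep { $name =~ $_->[1] } @patterns;
}

printf "%-28s %s\n", 'attachment name', 'banned by';
for my $name (@names) {
    my @hits = banned_by($name);
    printf "%-28s %s\n", $name, @hits ? join(', ', @hits) : '-';
}

# A pattern that behaves as intended here is added as one entry of
#   $banned_filename_re = new_RE( ... );
# in amavisd.conf.
```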