Blocking .exe zip rar bat etc

Discussion in 'ISPConfig 3 Priority Support' started by Dextros, Mar 8, 2016.

  1. Dextros

    Dextros Member HowtoForge Supporter

    Hi Guys
    I think recently someone opened one of the nice attachements that runs an exe and installed ransomware through a network share on a clients server. It wiped though local backups also. Luckily the off site backups were in play and its restoring now.
    In light of this, I am going to block certain file types.
    I have seen a couple of posts about content filtering. I tried to large bulk sql library version, but it wouldn't work, and am considering typing everything manually.
    Is it best to filter through postfix or amasvid?
    Please can someone give an example on how to block .exe and .zip please.

    Kind Regards

    Lee
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I would filter it trough amavisd, it has already filters for that "aboard", take a look inti the amavisd config file, there should be some config options about filtering specific attachments that you can uncomment there.
     
  3. Dextros

    Dextros Member HowtoForge Supporter

    Thanks Till,

    I found out what i need to be doing. Am i right in saying that i should only edit conf.d/50-user and nothing else in conf.d
    I added the part below,

    $banned_filename_re = new_RE(
    qr'.\.(bat|exe|scr)$'i,
    qr'^\.(exe|zip|lha|tnef)$'i,
    );

    What is weird is .docx are being banned also, that's still not the weirdest part. Other users on localhost can send the same email, with the same attachment and it get through, but other users cannot?

    Any Ideads. All i want to do for now is block .zip and .exe

    KRs

    Lee
     
  4. Dextros

    Dextros Member HowtoForge Supporter

    Hi Guys

    Any guidance on the above?

    KRs

    Lee
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    You can set a higher log level in amavis 50-user file and then check the mail.log to see what amavis is doing in detail with the email. Ensure that you restart amavis after each config change.
     
  6. Dextros

    Dextros Member HowtoForge Supporter

    Thanks Till, I have enabled a higher level and will wait.

    Does items in the 50-user file override options in, say, 20-debian_defaults?

    L
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes.
     
  8. Dextros

    Dextros Member HowtoForge Supporter

    Thanks Till.
    I think I have it working.

    I adjusted what I wanted. I will allow zips but block banned contents.
    Out of interest is there going to be a more intuitive interface for blocking content in 3.1?

    Thanks once again for your help.

    Lee
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no config interface for the amavis global config planned in 3.1.
     
    DDArt likes this.

Share This Page