Can I ban double attachment extensions like *.gz.txt?


Post by Nime » 2020-09-18 13:37

It seems like I cannot.

Neither SpamAssassin nor ClamAV+SaneSecurity can block *.GZ.txt attachments and I got tons of spam every day.

Post by SorenR » 2020-09-18 14:26

The GUI accepts the extensions, so I presume it should work as intended.
attachment.jpg
SørenR.


Post by katip » 2020-09-18 14:58

Nime wrote (2020-09-18 13:37):
> It seems like I cannot.
>
> Neither SpamAssassin nor ClamAV+SaneSecurity can block *.GZ.txt attachments and I got tons of spam every day.

SpamAssassin for sure can score it. Try this:

Code:

full GZ_TXT_CRAP /\bcontent\-[^\r\n]+?(|file)name\=(\"|).+?(|[\r\n]).+?\.gz\.txt\b/i
score GZ_TXT_CRAP 10.00
Katip
--
HMS 5.7.0 x64, MariaDB 10.4.10 x64, SA 3.4.2, ClamAV 0.101.2 + SaneS

Post by RvdH » 2020-09-19 12:10

katip wrote (2020-09-18 14:58):
> Nime wrote (2020-09-18 13:37):
>> It seems like I cannot.
>>
>> Neither SpamAssassin nor ClamAV+SaneSecurity can block *.GZ.txt attachments and I got tons of spam every day.
>
> SpamAssassin for sure can score it. Try this:
>
> Code:
>
> full GZ_TXT_CRAP /\bcontent\-[^\r\n]+?(|file)name\=(\"|).+?(|[\r\n]).+?\.gz\.txt\b/i
> score GZ_TXT_CRAP 10.00

Code:

ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
	mimeheader GZ_TXT_CRAP  Content-Type =~ /="[^"]+\.gz\.txt"/i
	describe GZ_TXT_CRAP  email contains a *.gz.txt file attachment
	score GZ_TXT_CRAP  10.0
endif

Post by Nime » 2020-09-22 18:34

Thanks guys!
554 Tagged as Spam by SpamAssassin

Post by Nime » 2020-09-29 19:49

This is the report of banned messages, huge decrease! Guys, can you modify the regex so I can also ban *.GZ.TXT.TXT or simply *.GZ.* ?

Image

Post by katip » 2020-09-30 08:20

Nime wrote (2020-09-29 19:49):
> can you modify the regex so I can also ban *.GZ.TXT.TXT or simply *.GZ.* ?

Full search:

Code:

full GZ_TXT_CRAP /\bcontent\-[^\r\n]+?(|file)name\=(\"|).+?(|[\r\n]).+?\.gz\./i

MIME plugin:

Code:

mimeheader GZ_TXT_CRAP  Content-Type =~ /="[^"]+\.gz\./i

Both match *.gz.* or *.GZ.*
Be careful: legitmail.gz.department.doc will match too, just in case.
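
An added example, not posted by anyone in the thread: a Python harness that runs the thread's mimeheader-style patterns over constructed Content-Type headers, including the false positive katip warns about. Python's `re` and `email` modules stand in for SpamAssassin's own matching, and the `GZ_TIGHT` pattern, the sample filenames and the helper names are assumptions of this example.

```python
import re
from email import message_from_string

# mimeheader-style patterns from the thread, approximated with Python's re.
GZ_TXT = re.compile(r'="[^"]+\.gz\.txt"', re.I)   # *.gz.txt only
GZ_ANY = re.compile(r'="[^"]+\.gz\.', re.I)       # *.gz.* (no closing quote)
# Assumption of this example, not a rule from the thread: after ".gz" allow
# only short extension-like segments up to the closing quote.
GZ_TIGHT = re.compile(r'="[^"]+\.gz(?:\.[a-z0-9]{1,4})+"', re.I)

# Constructed name= parameters as they would appear in a Content-Type header.
SAMPLES = [
    'name="invoice.gz.txt"',
    'name="scan.GZ.TXT.TXT"',
    'name="legitmail.gz.department.doc"',  # katip's false-positive case
    'name="report.tar.gz"',                # ordinary single .gz
    'name=invoice.gz.txt',                 # unquoted parameter value
]

def build(name_param):
    """Return a constructed multipart message whose attachment uses name_param."""
    return (
        "From: a@example.com\nTo: b@example.com\nSubject: test\n"
        'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nhello\n"
        f"--b1\nContent-Type: application/octet-stream;\n {name_param}\n"
        "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
    )

def hits(raw_message, pattern):
    """True if any MIME part's unfolded Content-Type value matches pattern."""
    for part in message_from_string(raw_message).walk():
        value = " ".join(part.get("Content-Type", "").split())
        if pattern.search(value):
            return True
    return False

def evaluate():
    """Map each sample to (GZ_TXT, GZ_ANY, GZ_TIGHT) match results."""
    rules = (GZ_TXT, GZ_ANY, GZ_TIGHT)
    return {s: tuple(hits(build(s), r) for r in rules) for s in SAMPLES}

if __name__ == "__main__":
    for sample, row in evaluate().items():
        print(f"{sample:40} txt={row[0]} any={row[1]} tight={row[2]}")
```

The unquoted `name=` sample is missed by all three patterns because each is anchored on `="`; the `full` rule in the thread allows for a missing quote with `(\"|)`.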
