Block attachments

This section contains scripts that hMailServer has contributed with. hMailServer 5 is needed to use these.
Post Reply
percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Block attachments

Post by percepts » 2014-03-16 15:34

Seems their are some oddities in anti virus attachment blocking mechanism so here are a couple of scripts to get around the problem. Take your pick according to how you want unwated attachments to be handled.

First provided by LesD ( topic: http://www.hmailserver.com/forum/viewto ... dd#p154541 )
This one will reject the whole email back to sender. It allows local users to send without blocking

Code: Select all

Sub OnAcceptMessage(oClient, oMessage)
' Ignore messages from local users
  if oClient.Username = "" then
    Dim oAttachment    
    Dim oRegExp 
    Set oRegExp = new RegExp    
    For oAttachment = 0 to oMessage.Attachments.Count-1
    ' Test for undesirable attachments
      with oRegExp
          .Pattern = "^.*\.(bat|cmd|com|cpl|csh|docm|exe|hta|htb|inf|js|jse|lnk|msi|msp|pif|reg|scf|scr|shs|shb|vbe|vbs|wsf|wsh|zip)$" 
          .IgnoreCase = True
          .Global = False
      end with
      if (oRegExp.test(oMessage.Attachments(oAttachment).Filename)) Then
       ' Log in event log
        EventLog.Write ("Email Rejected: Attachment unacceptable: " _ 
          & oMessage.Attachments(oAttachment).Filename & "  Size : " _
          & oMessage.Attachments(oAttachment).Size)
       ' Text to include with 550 rejection message 
        Result.Message = "Email Rejected : Attachment <" _
          & oMessage.Attachments(oAttachment).Filename & "> is not acceptable"
        Result.Value = 2      ' Reject'
      End If 
    Next
    Set oRegExp = nothing
  End if
End Sub
Second one provided by Percepts

This one gives you two options, Firstly you can quarantine the attachment and let the email through and secondly you can just delete the attachment and let the email through. Quarantine = False provides same functionality as antivirus attachment blocking is supposed to do.


To implement add a global rules which says

message size > 0
run function DeleteAttachments

Add following code to end of your eventhandlers.vbs file.

and note the variables below that you need to set.
Quarantine
QuarantineFolder
FileExtensions

Code: Select all

Sub DeleteAttachments(oMessage)
' this routine deletes or quarantines file attachments that have the specified
' FileExtensions. It replaces the functionality of antivirus blocked attachments panel in hmailadmin
' with optional quarantine

' un-comment following line and last End If at end of sub to only apply for external accounts
' if oClient.Username = "" then

  Dim Quarantine  ' set to True to Quarantine or False to Delete attachments
  Quarantine = False

  Dim QuarantineFolder       'where to store quarantined attachments. Must be pre created
  QuarantineFolder = "c:\path to\hmailserver\Attachment-Quarantine\"     ' trailing slash is required
  
  Dim QuarantineFile

  Dim FileExtensions ' set to the file attachment extensions you want to delete or quarantine
  FileExtensions = "(bat|cmd|com|cpl|csh|docm|exe|hta|htb|inf|js|jse|lnk|msi|msp|pif|reg|scf|scr|shs|shb|vbe|vbs|wsf|wsh|zip)"  
   
 ' change anything below here at your own risk. 

  Dim AttachmentDeleteNotify
  AttachmentDeleteNotify = Empty
  Dim oAttachment    
  Dim oRegExp 
  Set oRegExp = new RegExp    
  For oAttachment = 0 to oMessage.Attachments.Count-1
  ' Test for undesirable attachments
   with oRegExp
    .Pattern = "^.*\."& FileExtensions & "$" 
    .IgnoreCase = True
    .Global = False
   end with
   if (oRegExp.test(oMessage.Attachments(oAttachment).Filename)) Then
    ' Delete Attachment
    AttachmentDeleteNotify = AttachmentDeleteNotify & oMessage.Attachments(oAttachment).Filename & "~"
    If (Quarantine) Then
     QuarantineFile = QuarantineFolder & oMessage.Attachments(oAttachment).Filename & "." _
      & Left(Right(oMessage.Filename,42),38) & ".Quarantined"
     oMessage.Attachments(oAttachment).SaveAs(QuarantineFile)
     oMessage.Attachments(oAttachment).Delete
    Else
     oMessage.Attachments(oAttachment).Delete
    End If 
   End If 
  Next
  Set oRegExp = nothing
  If Not IsEmpty(AttachmentDeleteNotify) then
   AttachmentDeleteNotify = "The following attachment/s were blocked for delivery by the e-mail server." & "~" _
   & "Please contact your system administrator if you have any questions regarding this." & "~"  & "~" _
   & AttachmentDeleteNotify _
   & "~" & "hmailserver" & "~" & "~"
   Dim htmlNotify
   htmlNotify = AttachmentDeleteNotify
   If ( Len(oMessage.Body) <> 0 ) Then
    AttachmentDeleteNotify = Replace(AttachmentDeleteNotify, "~", VbCrLf)   
    oMessage.Body = oMessage.Body & VbCrLf & VbCrLf & AttachmentDeleteNotify
   End If 
   If ( Len(oMessage.HTMLBody) <> 0 ) Then
    htmlNotify = Replace(htmlNotify, "~", ("<br>" & VbCrLf))
    oMessage.HTMLBody = Replace(oMessage.HTMLBody, "</body", ("<br><br>" & htmlNotify & "</BODY"), 1, 1, vbTextCompare)
   End If 
   oMessage.Save
  End If 
' End if
End Sub

User avatar
jimimaseye
Moderator
Moderator
Posts: 8175
Joined: 2011-09-08 17:48

Re: Block attachments

Post by jimimaseye » 2014-07-31 10:51

Having read that thread (which led to the finalised script above), I too had ONE instance of the 'oddity' where the Zip file was not completely removed just like Les reported (although it has only happened once).

My question is, how can that script be used or modified to serve those that do not use direct inbound SMTP deliveries and collect all mail via an External Download? (as the 'OnAcceptMessage' feature is not relevant in this case)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20302
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Block attachments

Post by mattg » 2014-07-31 12:43

You could make it another function, and call that function from a rule
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Block attachments

Post by percepts » 2014-07-31 14:32

OR

use the second script which is run from global rules and not OnAcceptMessage

User avatar
jimimaseye
Moderator
Moderator
Posts: 8175
Joined: 2011-09-08 17:48

Re: Block attachments

Post by jimimaseye » 2014-07-31 14:48

oh yeah. :oops:
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

oneday
New user
New user
Posts: 2
Joined: 2014-08-29 20:52
Location: Texas

Re: Block attachments

Post by oneday » 2014-08-29 20:58

Percepts,

I am trying to use your script, but when I comment out the line:
if oClient.Username = "" then
and the subsequent End if, I get the following error:

"ERROR" 896 "2014-08-29 12:38:13.896" "Script Error: Source: Microsoft VBScript runtime error - Error: 800A01A8 - Description: Object required: 'oClient' - Line: 7 Column: 2 - Code: (null)"

am I missing something?

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Block attachments

Post by percepts » 2014-08-29 21:08

Probably but I have no idea since I can't see what you've done.

oneday
New user
New user
Posts: 2
Joined: 2014-08-29 20:52
Location: Texas

Re: Block attachments

Post by oneday » 2014-08-29 21:52

This is my script. It works fine as long as I don't uncomment out that line
Sub DeleteAttachments(oMessage)
' this routine deletes or quarantines file attachments that have the specified
' FileExtensions. It replaces the functionality of antivirus blocked attachments panel in hmailadmin
' with optional quarantine

' un-comment following line and last End If at end of sub to only apply for external accounts
' if oClient.Username = "" then

Dim Quarantine ' set to True to Quarantine or False to Delete attachments
Quarantine = True

Dim QuarantineFolder 'where to store quarantined attachments. Must be pre created
QuarantineFolder = "C:\Attachment-Quarantine\" ' trailing slash is required

Dim QuarantineFile

Dim FileExtensions ' set to the file attachment extensions you want to delete or quarantine
FileExtensions = "(bat|cmd|com|cpl|csh|docm|exe|hta|htb|inf|js|jse|lnk|msi|msp|pif|reg|scf|scr|shs|shb|vbe|vbs|wsf|wsh|zip)"

' change anything below here at your own risk.

Dim AttachmentDeleteNotify
AttachmentDeleteNotify = Null
Dim oAttachment
Dim oRegExp
Dim oWho
oWho = Null
Dim oRecipients
For oRecipients = 0 to oMessage.Recipients.Count-1
oWho = oWho & oMessage.Recipients(oRecipients).Address
Next
Set oRegExp = new RegExp
For oAttachment = 0 to oMessage.Attachments.Count-1
' Test for undesirable attachments
with oRegExp
.Pattern = "^.*\."& FileExtensions & "$"
.IgnoreCase = True
.Global = False
end with
if (oRegExp.test(oMessage.Attachments(oAttachment).Filename)) Then
' Delete Attachment
AttachmentDeleteNotify = AttachmentDeleteNotify & oMessage.Attachments(oAttachment).Filename & "~"
If (Quarantine) Then
QuarantineFile = QuarantineFolder & oMessage.Attachments(oAttachment).Filename & "." _
& Left(Right(oMessage.Filename,42),38) & oWho(-1) & ".Quarantined"
oMessage.Attachments(oAttachment).SaveAs(QuarantineFile)
oMessage.Attachments(oAttachment).Delete
Else
oMessage.Attachments(oAttachment).Delete
End If
End If
Next
Set oRegExp = nothing
If Not IsNull(AttachmentDeleteNotify) then
AttachmentDeleteNotify = " - Attachment/s blocked: " & AttachmentDeleteNotify & " contact quarantine@data-rx.com if you need this."
oMessage.Subject = oMessage.Subject & AttachmentDeleteNotify
oMessage.Save
End If
' End if
End Sub

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Block attachments

Post by percepts » 2014-08-29 22:11

OK, the reason it doesn't work is because oClient is not passed to the sub when calling it from a rule.

So you need to delete the rule that calls it and then edit eventhandlers.vbs and put following line in OnAcceptMessage

Code: Select all

DeleteAttachments oClient,oMessage
and then change

Code: Select all

Sub DeleteAttachments(oMessage)
to

Code: Select all

Sub DeleteAttachments(oClient,oMessage)
and then you can uncomment those two lines and it should work only deleting attachments for NON Authenticated users.

percepts
Senior user
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: Block attachments

Post by percepts » 2014-09-01 15:03

**** Version 2. ****
Some mods specifically for those using the quarantine option to make it easier to find quarantined files
by adding "Notice ID" to mail which is also used as start of quarantine file names. Also quarantined files for a mail have attachment number added to stop duplicates if same filename is attached to mail twice.


Seems their are some oddities in anti virus attachment blocking mechanism so here is a script to get around the problem.

This script gives you two options, Firstly you can quarantine the attachment and let the email through and secondly you can just delete the attachment and let the email through. Quarantine = False provides same functionality as antivirus attachment blocking is supposed to do.

To implement add a global rules which says

message size > 0
run function DeleteAttachments

Add following code to end of your eventhandlers.vbs file.

and note the variables below that you need to set.
Quarantine
QuarantineFolder
FileExtensions

Code: Select all

Sub DeleteAttachments(oMessage)
' this routine deletes or quarantines file attachments that have the specified
' FileExtensions. It replaces the functionality of antivirus blocked attachments panel in hmailadmin
' and also has a selectable quarantine option

  Dim Quarantine  ' set to True to Quarantine or False to Delete attachments
  Quarantine = True

  Dim QuarantineFolder   'where to store quarantined attachments. This folder must already exist. 
  QuarantineFolder = "c:\path to quarantine folder\"     ' trailing slash is required
  
  Dim QuarantineFile

  Dim FileExtensions ' set to the file attachment extensions you want to delete or quarantine
  FileExtensions = "(bat|cmd|com|cpl|csh|docm|exe|pif|hta|htb|inf|js|jse|lnk|msi|msp|pif|reg|scf|scr|shs|shb|vbe|vbs|wsf|wsh)"  
   
 ' change anything below here at your own risk. 

  Dim AttachmentDeleteNotify
  AttachmentDeleteNotify = Empty
  Dim oAttachment    
  Dim oRegExp 
  Set oRegExp = new RegExp    
  For oAttachment = 0 to oMessage.Attachments.Count-1
  ' Test for undesirable attachments
   with oRegExp
    .Pattern = "^.*\."& FileExtensions & "$" 
    .IgnoreCase = True
    .Global = False
   end with
   if (oRegExp.test(oMessage.Attachments(oAttachment).Filename)) Then
    ' Delete Attachment
    AttachmentDeleteNotify = AttachmentDeleteNotify & oMessage.Attachments(oAttachment).Filename & "~"
    If (Quarantine) Then
     QuarantineFile = QuarantineFolder & Left(Right(oMessage.Filename,42),38) _
      & "." & oAttachment & "." & oMessage.Attachments(oAttachment).Filename & "." & ".Quarantined"
     oMessage.Attachments(oAttachment).SaveAs(QuarantineFile)
     oMessage.Attachments(oAttachment).Delete
    Else
     oMessage.Attachments(oAttachment).Delete
    End If 
   End If 
  Next
  Set oRegExp = nothing
  If Not IsEmpty(AttachmentDeleteNotify) then
   AttachmentDeleteNotify = "The following attachment/s were blocked for delivery by the e-mail server." & "~" _
   & "Please contact your system administrator if you have any questions regarding this." & "~" & "~" _
   & "Notice ID: " & Left(Right(oMessage.Filename,42),38) & "~" & "~" _
   & AttachmentDeleteNotify _
   & "~" & "Mail Server Admin" & "~" & "~"
   Dim htmlNotify
   htmlNotify = AttachmentDeleteNotify
   If ( Len(oMessage.Body) <> 0 ) Then
    AttachmentDeleteNotify = Replace(AttachmentDeleteNotify, "~", VbCrLf)   
    oMessage.Body = oMessage.Body & VbCrLf & VbCrLf & AttachmentDeleteNotify
   End If 
   If ( Len(oMessage.HTMLBody) <> 0 ) Then
    htmlNotify = Replace(htmlNotify, "~", ("<br>" & VbCrLf))
    oMessage.HTMLBody = Replace(oMessage.HTMLBody, "</body", ("<br><br>" & htmlNotify & "</BODY"), 1, 1, vbTextCompare)
   End If 
   oMessage.Save
  End If 
End Sub

Post Reply