From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-3.7 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00, RP_MATCHES_RCVD shortcircuit=no autolearn=unavailable version=3.3.2 X-Original-To: meta@public-inbox.org Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 557D61FD1F for ; Thu, 27 Aug 2015 07:03:14 +0000 (UTC) From: Eric Wong To: meta@public-inbox.org Subject: [PATCH] filter: reject bad attachments outright Date: Thu, 27 Aug 2015 07:03:14 +0000 Message-Id: <1440658994-20677-1-git-send-email-e@80x24.org> List-Id: Might as well be strict about it for new lists. Importing old archives might be more of a challenge, though. --- lib/PublicInbox/Filter.pm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/PublicInbox/Filter.pm b/lib/PublicInbox/Filter.pm index bcc57c4..0b1ec91 100644 --- a/lib/PublicInbox/Filter.pm +++ b/lib/PublicInbox/Filter.pm @@ -15,7 +15,7 @@ our $VERSION = '0.0.1'; use constant NO_HTML => '*** We only accept plain-text email, no HTML ***'; # start with the same defaults as mailman -our $BAD_EXT = qr/\.(?:exe|bat|cmd|com|pif|scr|vbs|cpl)\z/i; +our $BAD_EXT = qr/\.(exe|bat|cmd|com|pif|scr|vbs|cpl|zip)\s*\z/i; our $MIME_HTML = qr!\btext/html\b!i; our $MIME_TEXT_ANY = qr!\btext/[a-z0-9\+\._-]+\b!i; @@ -127,6 +127,7 @@ sub strip_multipart { # some extensions are just bad, reject them outright my $fn = $part->filename; if (defined($fn) && $fn =~ $BAD_EXT) { + $filter->reject("Bad file type: $1") if $filter; $rejected++; return; } @@ -150,6 +151,8 @@ sub strip_multipart { # change the sender-specified type if (recheck_type_ok($part)) { push @keep, $part; + } elsif ($filter) { + $filter->reject('no attachments') } else { $rejected++; } 
@@ -161,6 +164,7 @@ sub strip_multipart { push @keep, $part; } } else { + $filter->reject('no attachments') if $filter; # reject everything else, including non-PGP signatures $rejected++; } -- EW
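Review bot: In the `@@ -15,7 +15,7 @@` hunk, the change of `$BAD_EXT` from `(?:...)` to a capturing group is load-bearing but undocumented: the new `reject("Bad file type: $1")` call in strip_multipart reads `$1` from it. Add a comment next to `$BAD_EXT` saying the group must stay capturing, otherwise a later cleanup back to `(?:...)` would leave the reject message without a valid file type. The comment above it still reads "start with the same defaults as mailman"; with `zip` and the trailing `\s*` added, it should say whether these are still those defaults or local additions.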
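Review bot: In the `@@ -127,6 +127,7 @@` hunk, `$filter->reject("Bad file type: $1") if $filter;` is followed unconditionally by `$rejected++; return;`, so the hunk does not show whether reject() is expected to return to the caller. If it returns, processing continues for a message that has already been rejected; if it does not return, the two following lines are dead whenever `$filter` is set. A one-line comment stating which of the two is intended would make this reject site, and the two later ones, easier to check.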
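Review bot: In the `@@ -150,6 +151,8 @@` hunk, the new `elsif ($filter)` branch calls reject() without incrementing `$rejected`, while the other two reject sites in this patch use a postfix `if $filter` and still fall through to `$rejected++`. Unless the difference is intended, write it in the same shape as the others, with `$filter->reject('no attachments') if $filter;` placed inside the existing `else` ahead of `$rejected++`. The call is also missing its trailing semicolon (valid Perl as the last statement in a block, but inconsistent with the rest of the patch), and 'no attachments' is a vague message for a part that failed recheck_type_ok.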
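Review bot: In the `@@ -161,6 +164,7 @@` hunk, the added `$filter->reject('no attachments') if $filter;` is inserted above the existing comment "# reject everything else, including non-PGP signatures", which leaves that comment sitting between the reject call and `$rejected++` instead of introducing the branch. Move the new line below the comment. The message is the same 'no attachments' string used in the previous hunk, so a sender whose non-PGP signature part triggered this branch cannot tell which rule applied; a distinct message for this case would help.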