From: nigel <nigel>
Date: Wed, 4 Feb 2004 14:41:10 +0000 (+0000)
Subject: killed system filter
X-Git-Tag: exim-4_70_RC4~77
X-Git-Url: https://git.exim.org/exim-website.git/commitdiff_plain/01b57e68751c35f6b1d1240b28f32bc990b5ca27

killed system filter
---

diff --git a/filter/system_filter.exim b/filter/system_filter.exim
deleted file mode 100644
index e91a880..0000000
--- a/filter/system_filter.exim
+++ /dev/null
@@ -1,266 +0,0 @@
-# Exim filter
-## Version: 0.17
-#	$Id: sysfilter.tmpl,v 1.4 2001/09/19 10:19:42 nigel Exp $
-
-## Exim system filter to refuse potentially harmful payloads in
-## mail messages
-## (c) 2000-2001 Nigel Metheringham <nigel@exim.org>
-##
-##     This program is free software; you can redistribute it and/or modify
-##    it under the terms of the GNU General Public License as published by
-##    the Free Software Foundation; either version 2 of the License, or
-##    (at your option) any later version.
-##
-##    This program is distributed in the hope that it will be useful,
-##    but WITHOUT ANY WARRANTY; without even the implied warranty of
-##    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-##    GNU General Public License for more details.
-##
-##    You should have received a copy of the GNU General Public License
-##    along with this program; if not, write to the Free Software
-##    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-## -A copy of the GNU General Public License is distributed with exim itself
-
-## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-## If you haven't worked with exim filters before, read
-## the install notes at the end of this file.
-## The install notes are not a replacement for the exim documentation
-## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-
-
-## -----------------------------------------------------------------------
-# Only run any of this stuff on the first pass through the
-# filter - this is an optomisation for messages that get
-# queued and have several delivery attempts
-#
-# we express this in reverse so we can just bail out
-# on inappropriate messages
-#
-if not first_delivery
-then
-  finish
-endif
-
-## -----------------------------------------------------------------------
-# Check for MS buffer overruns as per BUGTRAQ.
-# http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61
-# This could happen in error messages, hence its placing
-# here...
-# We substract the first n characters of the date header
-# and test if its the same as the date header... which
-# is a lousy way of checking if the date is longer than
-# n chars long
-if ${length_80:$header_date:} is not $header_date:
-then
-  fail text "This message has been rejected because it has\n\
-	     an overlength date field which can be used\n\
-	     to subvert Microsoft mail programs\n\
-             The following URL has further information\n\
-	     http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61"
-  seen finish
-endif
-
-## -----------------------------------------------------------------------
-# These messages are now being sent with a <> envelope sender, but
-# blocking all error messages that pattern match prevents
-# bounces getting back.... so we fudge it somewhat and check for known
-# header signatures.  Other bounces are allowed through.
-if $header_from: contains "@sexyfun.net"
-then
-  fail text "This message has been rejected since it has\n\
-	     the signature of a known virus in the header."
-  seen finish
-endif
-if error_message and $header_from: contains "Mailer-Daemon@"
-then
-  # looks like a real error message - just ignore it
-  finish
-endif
-
-## -----------------------------------------------------------------------
-# Look for single part MIME messages with suspicious name extensions
-# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
-if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
-then
-  fail text "This message has been rejected because it has\n\
-	     potentially executable content $1\n\
-	     This form of attachment has been used by\n\
-             recent viruses or other malware.\n\
-	     If you meant to send this file then please\n\
-	     package it up as a zip file and resend it."
-  seen finish
-endif
-# same again using unquoted filename [content_type_unquoted_fn_match]
-if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
-then
-  fail text "This message has been rejected because it has\n\
-	     potentially executable content $1\n\
-	     This form of attachment has been used by\n\
-             recent viruses or other malware.\n\
-	     If you meant to send this file then please\n\
-	     package it up as a zip file and resend it."
-  seen finish
-endif
-
-
-## -----------------------------------------------------------------------
-# Attempt to catch embedded VBS attachments
-# in emails.   These were used as the basis for 
-# the ILOVEYOU virus and its variants - many many varients
-# Quoted filename - [body_quoted_fn_match]
-if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
-then
-  fail text "This message has been rejected because it has\n\
-	     a potentially executable attachment $1\n\
-	     This form of attachment has been used by\n\
-             recent viruses or other malware.\n\
-	     If you meant to send this file then please\n\
-	     package it up as a zip file and resend it."
-  seen finish
-endif
-# same again using unquoted filename [body_unquoted_fn_match]
-if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
-then
-  fail text "This message has been rejected because it has\n\
-	     a potentially executable attachment $1\n\
-	     This form of attachment has been used by\n\
-             recent viruses or other malware.\n\
-	     If you meant to send this file then please\n\
-	     package it up as a zip file and resend it."
-  seen finish
-endif
-## -----------------------------------------------------------------------
-
-
-#### Version history
-#
-# 0.01 5 May 2000
-#	Initial release
-# 0.02 8 May 2000
-#	Widened list of content-types accepted, added WSF extension
-# 0.03 8 May 2000
-#	Embedded the install notes in for those that don't do manuals
-# 0.04 9 May 2000
-#	Check global content-type header.  Efficiency mods to REs
-# 0.05 9 May 2000
-#	More minor efficiency mods, doc changes
-# 0.06 20 June 2000
-#	Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan
-# 0.07 19 July 2000
-#	Latest MS Outhouse bug catching
-# 0.08 19 July 2000
-#	Changed trigger length to 80 chars, fixed some spelling
-# 0.09 29 September 2000
-#	More extensions... its getting so we should just allow 2 or 3 through
-# 0.10 18 January 2001
-#	Removed exclusion for error messages - this is a little nasty
-#	since it has other side effects, hence we do still exclude
-#	on unix like error messages
-# 0.11 20 March, 2001
-#	Added CMD extension, tidied docs slightly, added RCS tag
-#	** Missed changing version number at top of file :-(
-# 0.12 10 May, 2001
-#	Added HTA extension
-# 0.13 22 May, 2001
-#	Reformatted regexps and code to build them so that they are
-#	shorter than the limits on pre exim 3.20 filters.  This will
-#	make them significantly less efficient, but I am getting so
-#	many queries about this that requiring 3.2x appears unsupportable.
-# 0.14 15 August,2001
-#	Added .lnk extension - most requested item :-)
-#	Reformatted everything so its now built from a set of short
-#	library files, cutting down on manual duplication.
-#	Changed \w in filename detection to . - dodges locale problems
-#	Explicit application of GPL after queries on license status
-# 0.15 17 August, 2001
-#	Changed the . in filename detect to \S (stops it going mad)
-# 0.16 19 September, 2001
-#	Pile of new extensions including the eml in current use
-# 0.17 19 September, 2001
-#	Syntax fix
-#
-#### Install Notes
-#
-# Exim filters run the exim filter language - a very primitive
-# scripting language - in place of a user .forward file, or on
-# a per system basis (on all messages passing through).
-# The filtering capability is documented in the main set of manuals
-# a copy of which can be found on the exim web site
-#	http://www.exim.org/
-#
-# To install, copy the filter file (with appropriate permissions)
-# to /etc/exim/system_filter.exim and add to your exim config file
-# [location is installation depedant - typicaly /etc/exim/config ]
-# in the first section the line:-
-#	message_filter = /etc/exim/system_filter.exim
-#	message_body_visible = 5000
-#
-# You may also want to set the message_filter_user & message_filter_group
-# options, but they default to the standard exim user and so can
-# be left untouched.  The other message_filter_* options are only
-# needed if you modify this to do other functions such as deliveries.
-# The main exim documentation is quite thorough and so I see no need
-# to expand it here...
-#
-# Any message that matches the filter will then be bounced.
-# If you wish you can change the error message by editing it
-# in the section above - however be careful you don't break it.
-#
-# After install exim should be restarted - a kill -HUP to the
-# daemon will do this.
-#
-#### LIMITATIONS
-#
-# This filter tries to parse MIME with a regexp... that doesn't
-# work too well.  It will also only see the amount of the body
-# specified in message_body_visible
-#
-#### BASIS
-#
-# The regexp that is used to pickup MIME/uuencoded body parts with
-# quoted filenames is replicated below (in perl format).  
-# You need to remember that exim converts newlines to spaces in
-# the message_body variable.
-#
-#	  (?:Content-					# start of content header
-#	  (?:Type: (?>\s*)				# rest of c/t header
-#	    [\w-]+/[\w-]+				# content-type (any)
-#	    |Disposition: (?>\s*)			# content-disposition hdr
-#	    attachment)					# content-disposition
-#	  ;(?>\s*)					# ; space or newline
-#	  (?:file)?name=				# filename=/name= 
-#	  |begin (?>\s+) [0-7]{3,4} (?>\s+)) 		# begin octal-mode
-#	  (\"[^\"]+\.					# quoted filename.
-#		(?:ad[ep]				# list of extns
-#		|ba[st]
-#		|chm
-#		|cmd
-#		|com
-#		|cpl
-#		|crt
-#		|eml
-#		|exe
-#		|hlp
-#		|hta
-#		|in[fs]
-#		|isp
-#		|jse?
-#		|lnk
-#		|md[be]
-#		|ms[cipt]
-#		|pcd
-#		|pif
-#		|reg
-#		|scr
-#		|sct
-#		|shs
-#		|url
-#		|vb[se]
-#		|ws[fhc])
-#	  \"						# end quote
-#	  )						# end of filename capture
-#	  [\s;]						# trailing ;/space/newline
-
-#
-#
-### [End]
diff --git a/home.html b/home.html
index 6ed9eb2..29d1ae5 100644
--- a/home.html
+++ b/home.html
@@ -37,6 +37,9 @@
     maintained, though if a really serious bug were found, it would be
     looked at.</p>
 
+    <p>The old system filter has been deleted from the site - it is
+    not appropriate for current mail configurations.</p>
+
     <h2>Exim Books</h2> 
 
     <p>The new <a href="http://www.uit.co.uk/exim-book/"> Exim 4
@@ -50,6 +53,6 @@
     <hr>
     <address><a href="mailto:Postmaster@exim.org">Nigel Metheringham</a></address>
 <!-- Created: Sun May 16 21:43:01 BST 1999 -->
-    <h6>$Id: home.html,v 1.34 2003/09/22 13:10:18 nigel Exp $</h6>
+    <h6>$Id: home.html,v 1.35 2003/12/04 16:04:24 nigel Exp $</h6>
   </body>
 </html>
diff --git a/system_filter.exim b/system_filter.exim
deleted file mode 100644
index e91a880..0000000
--- a/system_filter.exim
+++ /dev/null
@@ -1,266 +0,0 @@
-# Exim filter
-## Version: 0.17
-#	$Id: sysfilter.tmpl,v 1.4 2001/09/19 10:19:42 nigel Exp $
-
-## Exim system filter to refuse potentially harmful payloads in
-## mail messages
-## (c) 2000-2001 Nigel Metheringham <nigel@exim.org>
-##
-##     This program is free software; you can redistribute it and/or modify
-##    it under the terms of the GNU General Public License as published by
-##    the Free Software Foundation; either version 2 of the License, or
-##    (at your option) any later version.
-##
-##    This program is distributed in the hope that it will be useful,
-##    but WITHOUT ANY WARRANTY; without even the implied warranty of
-##    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-##    GNU General Public License for more details.
-##
-##    You should have received a copy of the GNU General Public License
-##    along with this program; if not, write to the Free Software
-##    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-## -A copy of the GNU General Public License is distributed with exim itself
-
-## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-## If you haven't worked with exim filters before, read
-## the install notes at the end of this file.
-## The install notes are not a replacement for the exim documentation
-## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-
-
-## -----------------------------------------------------------------------
-# Only run any of this stuff on the first pass through the
-# filter - this is an optomisation for messages that get
-# queued and have several delivery attempts
-#
-# we express this in reverse so we can just bail out
-# on inappropriate messages
-#
-if not first_delivery
-then
-  finish
-endif
-
-## -----------------------------------------------------------------------
-# Check for MS buffer overruns as per BUGTRAQ.
-# http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61
-# This could happen in error messages, hence its placing
-# here...
-# We substract the first n characters of the date header
-# and test if its the same as the date header... which
-# is a lousy way of checking if the date is longer than
-# n chars long
-if ${length_80:$header_date:} is not $header_date:
-then
-  fail text "This message has been rejected because it has\n\
-	     an overlength date field which can be used\n\
-	     to subvert Microsoft mail programs\n\
-             The following URL has further information\n\
-	     http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61"
-  seen finish
-endif
-
-## -----------------------------------------------------------------------
-# These messages are now being sent with a <> envelope sender, but
-# blocking all error messages that pattern match prevents
-# bounces getting back.... so we fudge it somewhat and check for known
-# header signatures.  Other bounces are allowed through.
-if $header_from: contains "@sexyfun.net"
-then
-  fail text "This message has been rejected since it has\n\
-	     the signature of a known virus in the header."
-  seen finish
-endif
-if error_message and $header_from: contains "Mailer-Daemon@"
-then
-  # looks like a real error message - just ignore it
-  finish
-endif
-
-## -----------------------------------------------------------------------
-# Look for single part MIME messages with suspicious name extensions
-# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
-if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
-then
-  fail text "This message has been rejected because it has\n\
-	     potentially executable content $1\n\
-	     This form of attachment has been used by\n\
-             recent viruses or other malware.\n\
-	     If you meant to send this file then please\n\
-	     package it up as a zip file and resend it."
-  seen finish
-endif
-# same again using unquoted filename [content_type_unquoted_fn_match]
-if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
-then
-  fail text "This message has been rejected because it has\n\
-	     potentially executable content $1\n\
-	     This form of attachment has been used by\n\
-             recent viruses or other malware.\n\
-	     If you meant to send this file then please\n\
-	     package it up as a zip file and resend it."
-  seen finish
-endif
-
-
-## -----------------------------------------------------------------------
-# Attempt to catch embedded VBS attachments
-# in emails.   These were used as the basis for 
-# the ILOVEYOU virus and its variants - many many varients
-# Quoted filename - [body_quoted_fn_match]
-if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
-then
-  fail text "This message has been rejected because it has\n\
-	     a potentially executable attachment $1\n\
-	     This form of attachment has been used by\n\
-             recent viruses or other malware.\n\
-	     If you meant to send this file then please\n\
-	     package it up as a zip file and resend it."
-  seen finish
-endif
-# same again using unquoted filename [body_unquoted_fn_match]
-if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
-then
-  fail text "This message has been rejected because it has\n\
-	     a potentially executable attachment $1\n\
-	     This form of attachment has been used by\n\
-             recent viruses or other malware.\n\
-	     If you meant to send this file then please\n\
-	     package it up as a zip file and resend it."
-  seen finish
-endif
-## -----------------------------------------------------------------------
-
-
-#### Version history
-#
-# 0.01 5 May 2000
-#	Initial release
-# 0.02 8 May 2000
-#	Widened list of content-types accepted, added WSF extension
-# 0.03 8 May 2000
-#	Embedded the install notes in for those that don't do manuals
-# 0.04 9 May 2000
-#	Check global content-type header.  Efficiency mods to REs
-# 0.05 9 May 2000
-#	More minor efficiency mods, doc changes
-# 0.06 20 June 2000
-#	Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan
-# 0.07 19 July 2000
-#	Latest MS Outhouse bug catching
-# 0.08 19 July 2000
-#	Changed trigger length to 80 chars, fixed some spelling
-# 0.09 29 September 2000
-#	More extensions... its getting so we should just allow 2 or 3 through
-# 0.10 18 January 2001
-#	Removed exclusion for error messages - this is a little nasty
-#	since it has other side effects, hence we do still exclude
-#	on unix like error messages
-# 0.11 20 March, 2001
-#	Added CMD extension, tidied docs slightly, added RCS tag
-#	** Missed changing version number at top of file :-(
-# 0.12 10 May, 2001
-#	Added HTA extension
-# 0.13 22 May, 2001
-#	Reformatted regexps and code to build them so that they are
-#	shorter than the limits on pre exim 3.20 filters.  This will
-#	make them significantly less efficient, but I am getting so
-#	many queries about this that requiring 3.2x appears unsupportable.
-# 0.14 15 August,2001
-#	Added .lnk extension - most requested item :-)
-#	Reformatted everything so its now built from a set of short
-#	library files, cutting down on manual duplication.
-#	Changed \w in filename detection to . - dodges locale problems
-#	Explicit application of GPL after queries on license status
-# 0.15 17 August, 2001
-#	Changed the . in filename detect to \S (stops it going mad)
-# 0.16 19 September, 2001
-#	Pile of new extensions including the eml in current use
-# 0.17 19 September, 2001
-#	Syntax fix
-#
-#### Install Notes
-#
-# Exim filters run the exim filter language - a very primitive
-# scripting language - in place of a user .forward file, or on
-# a per system basis (on all messages passing through).
-# The filtering capability is documented in the main set of manuals
-# a copy of which can be found on the exim web site
-#	http://www.exim.org/
-#
-# To install, copy the filter file (with appropriate permissions)
-# to /etc/exim/system_filter.exim and add to your exim config file
-# [location is installation depedant - typicaly /etc/exim/config ]
-# in the first section the line:-
-#	message_filter = /etc/exim/system_filter.exim
-#	message_body_visible = 5000
-#
-# You may also want to set the message_filter_user & message_filter_group
-# options, but they default to the standard exim user and so can
-# be left untouched.  The other message_filter_* options are only
-# needed if you modify this to do other functions such as deliveries.
-# The main exim documentation is quite thorough and so I see no need
-# to expand it here...
-#
-# Any message that matches the filter will then be bounced.
-# If you wish you can change the error message by editing it
-# in the section above - however be careful you don't break it.
-#
-# After install exim should be restarted - a kill -HUP to the
-# daemon will do this.
-#
-#### LIMITATIONS
-#
-# This filter tries to parse MIME with a regexp... that doesn't
-# work too well.  It will also only see the amount of the body
-# specified in message_body_visible
-#
-#### BASIS
-#
-# The regexp that is used to pickup MIME/uuencoded body parts with
-# quoted filenames is replicated below (in perl format).  
-# You need to remember that exim converts newlines to spaces in
-# the message_body variable.
-#
-#	  (?:Content-					# start of content header
-#	  (?:Type: (?>\s*)				# rest of c/t header
-#	    [\w-]+/[\w-]+				# content-type (any)
-#	    |Disposition: (?>\s*)			# content-disposition hdr
-#	    attachment)					# content-disposition
-#	  ;(?>\s*)					# ; space or newline
-#	  (?:file)?name=				# filename=/name= 
-#	  |begin (?>\s+) [0-7]{3,4} (?>\s+)) 		# begin octal-mode
-#	  (\"[^\"]+\.					# quoted filename.
-#		(?:ad[ep]				# list of extns
-#		|ba[st]
-#		|chm
-#		|cmd
-#		|com
-#		|cpl
-#		|crt
-#		|eml
-#		|exe
-#		|hlp
-#		|hta
-#		|in[fs]
-#		|isp
-#		|jse?
-#		|lnk
-#		|md[be]
-#		|ms[cipt]
-#		|pcd
-#		|pif
-#		|reg
-#		|scr
-#		|sct
-#		|shs
-#		|url
-#		|vb[se]
-#		|ws[fhc])
-#	  \"						# end quote
-#	  )						# end of filename capture
-#	  [\s;]						# trailing ;/space/newline
-
-#
-#
-### [End]