One of the
classifications that may be assigned is Executable
.
This denotes that the information forms part of an executable
image of an application. For example, it may be an executable, a
dynamic link library or an OCX. The classification also includes
ActiveX components.
MIMEsweeper can be
configured to detect and block executables. This is achieved by
editing the [Validation]
configuration section, to
ensure that the DetectExecutable
directive is no
longer commented out.
[Validation]
;DetectExecutable=VALATTR
[Validation]
DetectExecutable=VALATTR
![]() |
The MIMEsweeper service(s) will have to be restarted for these changes to come into effect. |
If DetectExecutable is
activated for MAILsweeper, any message
with an executable attached is discarded. The sender of
the message is informed accordingly. |
![]() |
You may wish to block or allow executables for certain users or groups of users only. | ![]() |
This can be achieved
by creating a new AMUcheck rule to name the users and then
setting an attribute during AMUcheck validation. This attribute
can subsequently be checked in the [DetectExecutable]
configuration section, using a PerformIf
directive
(to block executables for certain users only) or a SkipIf
directive (to allow executables for certain users only).
RESPONSE allow
...
RESPONSE Allow_Executables PRIORITY 1
RESPONSE deny PRIORITY 2
FROM *@* To *@* allow ;allow everything
FROM user1@company.com ;List of users allowed
user2@company.com ;to send executables.
user3@company.com
To *@* Allow_Executables
FINISH
A new AMUcheck rule
is defined. In this example, the rule names the users who are allowed
to send executables.1 When
the addresses of a message match with this rule the <Response>
generated by AMUcheck is Allow_Executables
.
A new RESPONSE
statement is also listed in the first section of the file, to
define the Allow_Executables
<Response>.
[AMU]
AuthFile=C:\MSW\CONFIG\AUTHFILE.TXT
If=Allow_executables, AllowExecutable=TRUE, allow
The <Response>
is then reset to allow
. This is the actual <Response>
generated by AMUcheck. It allows the message to be delivered
normally, assuming no higher priority <Response>
is generated by one of the configured plug-in validator
instances.
[DetectExecutable]
SkipIf=AllowExecutable==TRUE
HaveExecutable=ContainerClass==Executable
If the value is TRUE
then checking by the [DetectExecutable]
section is skipped.
For a similar
configuration, using PerformIf
to block executables
for certain users only, see the blocking attachments example on page 5-29.
![]() |
See the AMUcheck section on page 7-97 for
more details. Also, for more details on the If ,
PerformIf and SkipIf
directives, see the Common validator directives section
on page 7-102.
|
Copyright © 1998, Content Technologies Limited. All rights reserved.