Inbuilt Attachment Content Filter for Examining Zip and Rar for Executables

Postby aahq » Fri Mar 18, 2016 5:58 am

Below is what I am using in my pickup event but it would be great if there was an inbuilt filter like the below as a standard feature.

I think a lot of people would be happy with just mime unpacking, unarchiving, and checking for malicious content and marking it up for action.

For those wondering about the programs used, do a search for "munpack" and "7zip"...

I also think it would be a money spinner having basic inbuilt content filtering in the Base Mail Product.

:)

Scott
---------------

REM Pickup event script. As used in the paths below, %1 is the message file name and %2 is the queue name.

REM Keep a copy of the untouched message.
copy "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1" c:\temp\original

REM Work on a second copy in a per-message temp directory.
md "c:\munpack\temp\%1"

copy "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1" c:\munpack\temp\%1

REM Unpack the MIME parts of the message into the temp directory.
c:\munpack\munpack -t -f -C c:\munpack\temp\%1 c:\munpack\temp\%1\%1

REM Extract any zip and rar attachments into the same directory.
c:\7zip\7z e -oc:\munpack\temp\%1 -y c:\munpack\temp\%1\*.zip
c:\7zip\7z e -oc:\munpack\temp\%1 -y c:\munpack\temp\%1\*.rar

REM If an unwanted file type is present, overwrite the queued message with sv-unwanted.txt followed by the original message.
if exist c:\munpack\temp\%1\*.js COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.com COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.exe COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.vb COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.vb? COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.msi COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.dot COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.bat COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.cmd COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.inf COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.js? COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.reg COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.scr COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.sys COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
if exist c:\munpack\temp\%1\*.shs COPY "C:\munpack\sv-unwanted.txt"+"c:\munpack\temp\%1\%1" "D:\Program Files (x86)\Mail Enable\Queues\%2\Inbound\Messages\%1"
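
An added example, not part of the original post or of MailEnable: the same unpack-and-check flow done in memory with the Python standard library, so extensions are matched case-insensitively and zips nested inside zips are followed. It covers zip only (rar needs an external unpacker, as in the script above); the function names, the depth limit and the sample message are assumptions made for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# From the batch script; *.vb? and *.js? expanded to .vbs/.vbe/.jse (an assumption).
BLOCKED = (".js", ".jse", ".com", ".exe", ".vb", ".vbs", ".vbe", ".msi", ".dot",
           ".bat", ".cmd", ".inf", ".reg", ".scr", ".sys", ".shs")

def is_blocked(name):
    # Case-insensitive; Windows ignores trailing dots and spaces, so strip them.
    return name.rstrip(". ").lower().endswith(BLOCKED)

def scan_zip(data, prefix, levels=3):
    """Return blocked member paths; follows nested zips `levels` deep (assumed limit)."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{prefix}!{info.filename}"
                if is_blocked(info.filename):
                    hits.append(path)
                elif path.lower().endswith(".zip") and levels > 0:
                    hits += scan_zip(zf.read(info), path, levels - 1)
    except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted: fail closed
        hits.append(f"{prefix} (unreadable zip)")
    return hits

def scan_message(raw):
    """Return blocked attachment names, including files inside zip attachments."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename() or ""
        if is_blocked(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):
            hits += scan_zip(part.get_payload(decode=True), name)
    return hits

def build_sample():
    """Constructed message: docs.zip > inner.zip > invoice.JS (placeholder text)."""
    def zipped(name, body):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(name, body)
        return buf.getvalue()
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(zipped("inner.zip", zipped("invoice.JS", "placeholder")),
                       maintype="application", subtype="zip", filename="docs.zip")
    return msg.as_bytes()
```

A non-empty result from `scan_message(build_sample())` is the point at which the batch script would prepend its sv-unwanted.txt header.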
