Block attachment by pattern

[wrojas]

Hello team, recently I have been receiving several emails that bring an attachment with this pattern:



The content of this file is a virus as my ESET AV can assure:



Unfortunately, the Proxmox antivirus cannot identify it in its signatures, so I want to block this type of attachment pattern, how is it possible?

My current version of PMG is 7.0-8.

Regards.

 

[Stoiko Ivanov]

You can try to create a what-object (Match filename) to match this:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_mailfilter_what

the regular expression should probably look like:
'.*_{2,}\.r\d+$'
(to match everything which has at least 2 '_' followed by '.rXXX' (where XXX is only digits) - but do try it and verify this yourself)

I hope this helps!

 

[wrojas]

You can try to create a what-object (Match filename) to match this:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_mailfilter_what

the regular expression should probably look like:
'.*_{2,}\.r\d+$'
(to match everything which has at least 2 '_' followed by '.rXXX' (where XXX is only digits) - but do try it and verify this yourself)

I hope this helps!

Hi Stoiko, thank you for your input.

I have tried that regex but it does not match.



This is the result, i don´t know what will be wrong in the test.

Regards.

 

[hata_ph]

Try what object match filename.

.*\.(ace|adp|app|asp|ba[st]|cer|chm|cmd|cnt|com|cpl|crt|csh|der|dll|exe|fxp|gadget|hlp|hpj|hta|in[fs]|img|isp|its|jse?|ksh|lnk|ma[dfgmqrstuvw]|md[detwz]|msc|msh|mshxml|msh[12]|msh[12]xml|ms[ipt]|ops|osd|pcd|pif|plg|prf|prg|pst|reg|sc[frt]|sh[bs]|ps[12]|ps[12]xml|psc[12|]tmp|url|uue|vb[eps]?|vsmacros|vsw|ws[cfh]?|xnk|ade|cla|class|grp|jar|mcf|ocx|pl|xbap|r11)

 

[wrojas]

Thanks Stoiko Ivanov and hata_ph, both option work fine !!!

 

[Stoiko Ivanov]

Glad that worked - please mark the thread as SOLVED - this helps other users having the same question
Thanks!