Block attachment by pattern

W

wrojas

New Member
Aug 5, 2021
4
1
3
43
Hello team, recently I have been receiving several emails that bring an attachment with this pattern:

2021-12-09_214605.png

The content of this file is a virus as my ESET AV can assure:

2021-12-09_214921.png

Unfortunately, the Proxmox antivirus cannot identify it in its signatures, so I want to block this type of attachment pattern, how is it possible?

My current version of PMG is 7.0-8.

Regards.
 
You can try to create a what-object (Match filename) to match this:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_mailfilter_what

the regular expression should probably look like:
'.*_{2,}\.r\d+$'
(to match everything which has at least 2 '_' followed by '.rXXX' (where XXX is only digits) - but do try it and verify this yourself)

I hope this helps!
 
Stoiko Ivanov said:
You can try to create a what-object (Match filename) to match this:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_mailfilter_what

the regular expression should probably look like:
'.*_{2,}\.r\d+$'
(to match everything which has at least 2 '_' followed by '.rXXX' (where XXX is only digits) - but do try it and verify this yourself)

I hope this helps!
Click to expand...

Hi Stoiko, thank you for your input.

I have tried that regex but it does not match.
2021-12-10_104531.png


This is the result, i don´t know what will be wrong in the test.

Regards.
 
Try what object match filename.

.*\.(ace|adp|app|asp|ba[st]|cer|chm|cmd|cnt|com|cpl|crt|csh|der|dll|exe|fxp|gadget|hlp|hpj|hta|in[fs]|img|isp|its|jse?|ksh|lnk|ma[dfgmqrstuvw]|md[detwz]|msc|msh|mshxml|msh[12]|msh[12]xml|ms[ipt]|ops|osd|pcd|pif|plg|prf|prg|pst|reg|sc[frt]|sh[bs]|ps[12]|ps[12]xml|psc[12|]tmp|url|uue|vb[eps]?|vsmacros|vsw|ws[cfh]?|xnk|ade|cla|class|grp|jar|mcf|ocx|pl|xbap|r11)

1639174128108.png
 
Glad that worked - please mark the thread as SOLVED - this helps other users having the same question
Thanks!
 
You must log in or register to reply here.
Top Bottom