#!/usr/bin/perl
#
# This is a fairly simple filter that rejects all email messages that
# appear to have a MIME attachment with one of the following filename
# extensions.
#
# Uncomment the line marked "UUENCODE" if you want to scan for uuencoded
# attachments as well.  This is not enabled by default as it can be
# triggered too easily, and automatic decoding of uuencoded attachments
# is not common for mail clients.
#
# Notes on the list of extensions:
# CHM - Compiled HTML help file, can contain scripts
# EXE - executable
# HLP - Windows help files, can contain auto-executing VBScript
# HTA - HTML application, can contain VBScript, JavaScript, etc.
# PIF - Program Information File
# REG - Regedit will inject its contents into the registry
# SCR - Screen capture, interpreted as an executable binary
# SHS - Shell automation code
# VBE - VisualBasic Enterprise ?
# VBS - VisualBasic Script
# WSF - Windows Scripting File (same as VBS)
# WSH - ???
#
sub check_filename {
    local($_) = @_;
    print "filename: $_\n" if $test;
    if(/\.(chm|exe|hlp|hta|pif|reg|scr|shs|vbe|vbs|wsf|wsh)$/oi) {
      print "Filenamed matched a banned extension!\n" if $test;
      exit(31);
    }
}

sub parse_content_td {
    local($_) = @_;
    chomp;
    s/\s+/ /go;
    print "parse: $_\n" if $test;
    &check_filename($1)
	if /[;\s]name\s*=\s*"([^\"]+)"/ || /[;\s]name\s*=\s*(\S+)/ ||
	    /[;\s]filename\s*=\s*"([^\"]+)"/ || /[;\s]filename\s*=\s*(\S+)/;
}

if($ARGV[0] eq '-t') {
  $test = 1;
  shift @ARGV;
}

while(<>) {
    print unless $test;
    if($content_td) {
	if(/^\s*$/o || /^\S/o) {
	    &parse_content_td($content_td);
	    undef $content_td;
	} else {
	    $content_td .= $_;
	    next;
	}
    }
    $content_td = $_ if /^Content-(Type|Disposition):\s*(.*)$/oi;
    #UUENCODE &check_filename($1) if /^begin\s+\d+\s+(.*)\s*$/oi;
}
exit(0);
