This page provides quick examples of ACLs and ACL-items to help block the latest email-borne worms and viruses, along with various other potentially useful items.

| Block Name | State | Test Type | Details | Comment |
|---|---|---|---|---|
| Slippery Zip files | DENY | Text test | `name=.*\.zip` | Deny all Zip filenames |
| Bagel (with plaintext password) | DENY | Text test | `attach.*password.*[0123456789]{3,}` | Deny Bagel |
| Bagel (with Bitmap image password) | ExitACL | Filename | `\.zip$` [Invert mode ON] | |
| | ExitACL | Filename | `\.bmp$` [Invert mode ON] | |
| | TAG | Filename | `\.zip$` | |
| | TAG | Filename | `\.bmp$` | |
| | DENY | Tagging | Mode: All | Deny emails with only bitmap and zip files |

Double-triple extensions

These are commonly seen with viruses that try to pass attachments through with a filename like foofile.doc.exe. Windows typically does not show the .exe extension, which misleads the recipient into thinking the file is safe to open. Sometimes this block will deny innocent files, so use it with moderate caution.

The extra complexity at the start of the regex (`^[^\.]*`) makes sure there are no other '.' characters preceding the finishing double-triple. This helps reduce the false hit rate.

State: DENY
Test Type: Filename
Details: `^[^\.]*\....\.(bat|exe|com|scr|pif|vbs)$`
Comment: Deny double-triple executable extensions
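To check what the double-triple rule actually denies before deploying it, the following added example (not part of the original page or of the filter itself) runs the page's regex over a constructed list of attachment names. It assumes Python's `re` module behaves like the filter's regex engine for this pattern; the filter's case handling is not stated on the page, so both case-sensitive and case-insensitive results are shown.

```python
import re

# The page's double-triple extension pattern, copied unchanged.
DOUBLE_EXT = re.compile(r"^[^\.]*\....\.(bat|exe|com|scr|pif|vbs)$")

# Assumption: re.IGNORECASE stands in for a case-insensitive filter engine.
DOUBLE_EXT_NOCASE = re.compile(DOUBLE_EXT.pattern, re.IGNORECASE)

# Constructed sample attachment names (not taken from real mail).
SAMPLES = [
    "foofile.doc.exe",    # the page's own example
    "invoice.pdf.scr",
    "setup.exe",          # single extension only
    "notes.txt",
    "report.v2.doc.exe",  # extra '.' before the double extension
    "photo.jpeg.exe",     # four-character inner extension
    "a.b.c.exe",          # '...' also matches a '.', so this still hits
    "FOOFILE.DOC.EXE",    # upper case
    "backup.old.bat",     # possible false hit of the kind the page warns about
]


def classify(names, pattern=DOUBLE_EXT):
    """Return {name: bool}; True means the DENY rule would fire."""
    return {name: bool(pattern.search(name)) for name in names}


def denied(names, pattern=DOUBLE_EXT):
    """Return the names the rule would deny, in input order."""
    return [n for n, hit in classify(names, pattern).items() if hit]


if __name__ == "__main__":
    strict = classify(SAMPLES)
    relaxed = classify(SAMPLES, DOUBLE_EXT_NOCASE)
    for name in SAMPLES:
        print(f"{name:20} case-sensitive={strict[name]!s:5} "
              f"ignore-case={relaxed[name]}")
```

Names with a dot earlier in the stem or an inner extension that is not exactly three characters fall outside this rule, which is the trade-off the leading `^[^\.]*` makes to lower the false hit rate.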


