kpapad904 closed 4 years ago
I agree .img / .iso and even dll / efi can be added safely. Please create a pull request with the suggested changes. We will review the changes.
Below is a list of additional banned extensions that I am currently using on most of my mail-servers, but which aren't listed in HestiaCP's /etc/exim4/exim4.conf.template (note: I used comm -23 file1 file2 to create the list):
ace arj cab dll docm efi fla fon img iso jar js msi ps1 reg sfx swf ttf vba wim xlsm
Please review and comment, as some of these extensions (e.g. xlsm, docm) might be legitimate for others.
PS: In my actual experience, the banned extensions that I've seen regularly in 2020 were .iso and .img (in addition to .exe, obviously).
The list is safe to add as these are also blocked by Office 365 / Exchange.
Please prepare a pull request; we will review it asap.
The extensions blocked by Outlook can be seen here: https://support.microsoft.com/en-us/office/blocked-attachments-in-outlook-434752e1-02d3-4e90-9124-8b81e49a8519?ui=en-us&rs=en-us&ad=us
In the PR I just submitted, I didn't include .docm/.xlsm (Office docs with macros) but did include the rest.
For those who might find the inclusion of .ttf odd, it's due to past exploits, e.g. https://threatpost.com/of-truetype-font-vulnerabilities-and-the-windows-kernel/101263/
Here is the same list, but including all the extensions blocked by Outlook:
\.ace|\.ade|\.adp|\.app|\.arj|\.asp|\.aspx|\.asx|\.bas|\.bat|\.cab|\.cer|\.chm|\.cmd|\.cnt|\.com|\.cpl|\.crt|\.csh|\.der|\.diagcab|\.dll|\.efi|\.exe|\.fla|\.fon|\.fxp|\.gadget|\.grp|\.hlp|\.hpj|\.hta|\.htc|\.img|\.inf|\.ins|\.iso|\.isp|\.its|\.jar|\.jnlp|\.js|\.jse|\.ksh|\.lib|\.lnk|\.mad|\.maf|\.mag|\.mam|\.maq|\.mar|\.mas|\.mat|\.mau|\.mav|\.maw|\.mcf|\.mda|\.mdb|\.mde|\.mdt|\.mdw|\.mdz|\.msc|\.msh|\.msh1|\.msh1xml|\.msh2|\.msh2xml|\.mshxml|\.msi|\.msp|\.mst|\.msu|\.ops|\.osd|\.pcd|\.pif|\.pl|\.plg|\.prf|\.prg|\.printerexport|\.ps1|\.ps1xml|\.ps2|\.ps2xml|\.psc1|\.psc2|\.psd1|\.psdm1|\.pst|\.py|\.pyc|\.pyo|\.pyw|\.pyz|\.pyzw|\.reg|\.scf|\.scr|\.sct|\.sfx|\.shb|\.shs|\.swf|\.sys|\.theme|\.tmp|\.ttf|\.url|\.vb|\.vba|\.vbe|\.vbp|\.vbs|\.vhd|\.vhdx|\.vsmacros|\.vsw|\.vxd|\.webpnp|\.website|\.wim|\.ws|\.wsc|\.wsf|\.wsh|\.xbap|\.xll|\.xnk
I don't think there is an issue against the extended upgrade list.
Just checked the exim4 config and I think we should also add .img/.iso to the list of blacklisted file extensions (L210 of /etc/exim4/exim4.conf.template), since a significant percentage of the viruses that my mail-servers have received during 2020 were of that file extension.
On my servers I typically blacklist several other file extensions (e.g. .dll, .efi) and in some cases docm/xlsm (macros).
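The extension filtering discussed in this thread, as an added Python example that is not part of the original issue and not HestiaCP's Exim rule: it checks the attachment names of a message against the proposed additional extensions, with and without docm/xlsm as in the PR. The function names, the sample message, and the choice to match only the final extension case-insensitively are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Additional extensions proposed in the thread; the PR left out docm and xlsm.
PROPOSED = ("ace arj cab dll docm efi fla fon img iso jar js msi ps1 reg sfx "
            "swf ttf vba wim xlsm").split()
PR_LIST = [e for e in PROPOSED if e not in ("docm", "xlsm")]

def build_matcher(exts):
    """Case-insensitive regex that matches only the final extension of a name."""
    return re.compile(r"\.(?:%s)$" % "|".join(map(re.escape, exts)), re.I)

def banned_attachments(msg, matcher):
    """Return the names of MIME parts whose final extension is on the list."""
    hits = []
    for part in msg.walk():
        # get_filename() reads the Content-Disposition filename= parameter and
        # falls back to the Content-Type name= parameter.
        name = part.get_filename()
        if name and matcher.search(name.strip()):
            hits.append(name)
    return hits

def constructed_sample():
    """Constructed test message; every name and payload here is made up."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    blob = dict(maintype="application", subtype="octet-stream")
    # Mixed case and a double extension: only the last extension counts.
    msg.add_attachment(b"x", filename="Invoice.pdf.ISO", **blob)
    # "iso" appears in the name but is not the extension: must not match.
    msg.add_attachment(b"x", filename="iso-9001.pdf", **blob)
    # Macro-enabled workbook: on the proposed list, left out of the PR.
    msg.add_attachment(b"x", filename="budget.xlsm", **blob)
    # Named only through the Content-Type name= parameter.
    msg.add_attachment(b"x", params={"name": "disk.img"}, **blob)
    return msg

if __name__ == "__main__":
    sample = constructed_sample()
    print("full list:", banned_attachments(sample, build_matcher(PROPOSED)))
    print("PR list:  ", banned_attachments(sample, build_matcher(PR_LIST)))
```
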