[ Avaa Bypassed ]




Upload:

Command:

hmhc3928@18.119.110.76: ~ $
# Exim filter
## Version: 0.17
#	$Id: system_filter.exim,v 1.11 2001/09/19 11:27:56 nigel Exp $

## Exim system filter to refuse potentially harmful payloads in
## mail messages
## (c) 2000-2001 Nigel Metheringham <nigel@exim.org>
##
##     This program is free software; you can redistribute it and/or modify
##    it under the terms of the GNU General Public License as published by
##    the Free Software Foundation; either version 2 of the License, or
##    (at your option) any later version.
##
##    This program is distributed in the hope that it will be useful,
##    but WITHOUT ANY WARRANTY; without even the implied warranty of
##    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
##    GNU General Public License for more details.
##
##    You should have received a copy of the GNU General Public License
##    along with this program; if not, write to the Free Software
##    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
## -A copy of the GNU General Public License is distributed with exim itself

## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
## If you haven't worked with exim filters before, read
## the install notes at the end of this file.
## The install notes are not a replacement for the exim documentation
## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


## -----------------------------------------------------------------------
# Only run any of this stuff on the first pass through the
# filter - this is an optomisation for messages that get
# queued and have several delivery attempts
#
# we express this in reverse so we can just bail out
# on inappropriate messages
#
if not first_delivery
then
  finish
endif

## -----------------------------------------------------------------------
# Check for MS buffer overruns as per BUGTRAQ.
# http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61
# This could happen in error messages, hence its placing
# here...
# We substract the first n characters of the date header
# and test if its the same as the date header... which
# is a lousy way of checking if the date is longer than
# n chars long
if ${length_80:$header_date:} is not $header_date:
then
  fail text "This message has been rejected because it has\n\
	     an overlength date field which can be used\n\
	     to subvert Microsoft mail programs\n\
             The following URL has further information\n\
	     http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61"
  seen finish
endif

## -----------------------------------------------------------------------
# These messages are now being sent with a <> envelope sender, but
# blocking all error messages that pattern match prevents
# bounces getting back.... so we fudge it somewhat and check for known
# header signatures.  Other bounces are allowed through.
if $header_from: contains "@sexyfun.net"
then
  fail text "This message has been rejected since it has\n\
	     the signature of a known virus in the header."
  seen finish
endif
if error_message and $header_from: contains "Mailer-Daemon@"
then
  # looks like a real error message - just ignore it
  finish
endif

## -----------------------------------------------------------------------
# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
then
  fail text "This message has been rejected because it has\n\
	     potentially executable content $1\n\
	     This form of attachment has been used by\n\
             recent viruses or other malware.\n\
	     If you meant to send this file then please\n\
	     package it up as a zip file and resend it."
  seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
then
  fail text "This message has been rejected because it has\n\
	     potentially executable content $1\n\
	     This form of attachment has been used by\n\
             recent viruses or other malware.\n\
	     If you meant to send this file then please\n\
	     package it up as a zip file and resend it."
  seen finish
endif


## -----------------------------------------------------------------------
# Attempt to catch embedded VBS attachments
# in emails.   These were used as the basis for 
# the ILOVEYOU virus and its variants - many many varients
# Quoted filename - [body_quoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
then
  fail text "This message has been rejected because it has\n\
	     a potentially executable attachment $1\n\
	     This form of attachment has been used by\n\
             recent viruses or other malware.\n\
	     If you meant to send this file then please\n\
	     package it up as a zip file and resend it."
  seen finish
endif
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
then
  fail text "This message has been rejected because it has\n\
	     a potentially executable attachment $1\n\
	     This form of attachment has been used by\n\
             recent viruses or other malware.\n\
	     If you meant to send this file then please\n\
	     package it up as a zip file and resend it."
  seen finish
endif
## -----------------------------------------------------------------------


#### Version history
#
# 0.01 5 May 2000
#	Initial release
# 0.02 8 May 2000
#	Widened list of content-types accepted, added WSF extension
# 0.03 8 May 2000
#	Embedded the install notes in for those that don't do manuals
# 0.04 9 May 2000
#	Check global content-type header.  Efficiency mods to REs
# 0.05 9 May 2000
#	More minor efficiency mods, doc changes
# 0.06 20 June 2000
#	Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan
# 0.07 19 July 2000
#	Latest MS Outhouse bug catching
# 0.08 19 July 2000
#	Changed trigger length to 80 chars, fixed some spelling
# 0.09 29 September 2000
#	More extensions... its getting so we should just allow 2 or 3 through
# 0.10 18 January 2001
#	Removed exclusion for error messages - this is a little nasty
#	since it has other side effects, hence we do still exclude
#	on unix like error messages
# 0.11 20 March, 2001
#	Added CMD extension, tidied docs slightly, added RCS tag
#	** Missed changing version number at top of file :-(
# 0.12 10 May, 2001
#	Added HTA extension
# 0.13 22 May, 2001
#	Reformatted regexps and code to build them so that they are
#	shorter than the limits on pre exim 3.20 filters.  This will
#	make them significantly less efficient, but I am getting so
#	many queries about this that requiring 3.2x appears unsupportable.
# 0.14 15 August,2001
#	Added .lnk extension - most requested item :-)
#	Reformatted everything so its now built from a set of short
#	library files, cutting down on manual duplication.
#	Changed \w in filename detection to . - dodges locale problems
#	Explicit application of GPL after queries on license status
# 0.15 17 August, 2001
#	Changed the . in filename detect to \S (stops it going mad)
# 0.16 19 September, 2001
#	Pile of new extensions including the eml in current use
# 0.17 19 September, 2001
#	Syntax fix
#
#### Install Notes
#
# Exim filters run the exim filter language - a very primitive
# scripting language - in place of a user .forward file, or on
# a per system basis (on all messages passing through).
# The filtering capability is documented in the main set of manuals
# a copy of which can be found on the exim web site
#	http://www.exim.org/
#
# To install, copy the filter file (with appropriate permissions)
# to /etc/exim/system_filter.exim and add to your exim config file
# [location is installation depedant - typicaly /etc/exim/config ]
# in the first section the line:-
#	message_filter = /etc/exim/system_filter.exim
#	message_body_visible = 5000
#
# You may also want to set the message_filter_user & message_filter_group
# options, but they default to the standard exim user and so can
# be left untouched.  The other message_filter_* options are only
# needed if you modify this to do other functions such as deliveries.
# The main exim documentation is quite thorough and so I see no need
# to expand it here...
#
# Any message that matches the filter will then be bounced.
# If you wish you can change the error message by editing it
# in the section above - however be careful you don't break it.
#
# After install exim should be restarted - a kill -HUP to the
# daemon will do this.
#
#### LIMITATIONS
#
# This filter tries to parse MIME with a regexp... that doesn't
# work too well.  It will also only see the amount of the body
# specified in message_body_visible
#
#### BASIS
#
# The regexp that is used to pickup MIME/uuencoded body parts with
# quoted filenames is replicated below (in perl format).  
# You need to remember that exim converts newlines to spaces in
# the message_body variable.
#
#	  (?:Content-					# start of content header
#	  (?:Type: (?>\s*)				# rest of c/t header
#	    [\w-]+/[\w-]+				# content-type (any)
#	    |Disposition: (?>\s*)			# content-disposition hdr
#	    attachment)					# content-disposition
#	  ;(?>\s*)					# ; space or newline
#	  (?:file)?name=				# filename=/name= 
#	  |begin (?>\s+) [0-7]{3,4} (?>\s+)) 		# begin octal-mode
#	  (\"[^\"]+\.					# quoted filename.
#		(?:ad[ep]				# list of extns
#		|ba[st]
#		|chm
#		|cmd
#		|com
#		|cpl
#		|crt
#		|eml
#		|exe
#		|hlp
#		|hta
#		|in[fs]
#		|isp
#		|jse?
#		|lnk
#		|md[be]
#		|ms[cipt]
#		|pcd
#		|pif
#		|reg
#		|scr
#		|sct
#		|shs
#		|url
#		|vb[se]
#		|ws[fhc])
#	  \"						# end quote
#	  )						# end of filename capture
#	  [\s;]						# trailing ;/space/newline

#
#
### [End]

Filemanager

Name Type Size Permission Actions
ImageMagick-6 Folder 0755
NetworkManager Folder 0755
X11 Folder 0755
alternatives Folder 0755
apache2 Folder 0755
audisp Folder 0750
audit Folder 0750
bash_completion.d Folder 0755
binfmt.d Folder 0755
cagefs Folder 0755
chkconfig.d Folder 0755
chkserv.d Folder 0755
cl.selector Folder 0755
cloud Folder 0755
cpanel Folder 0751
cron.d Folder 0755
cron.daily Folder 0755
cron.hourly Folder 0755
cron.monthly Folder 0755
cron.weekly Folder 0755
csf Folder 0600
dbus-1 Folder 0755
default Folder 0755
depmod.d Folder 0755
dhcp Folder 0750
dnsmasq.d Folder 0755
dovecot Folder 0755
dpkg Folder 0755
dracut.conf.d Folder 0755
egl Folder 0755
exports.d Folder 0755
firewalld Folder 0750
fonts Folder 0755
gcrypt Folder 0755
ghostscript Folder 0755
glvnd Folder 0755
gnupg Folder 0755
groff Folder 0755
grub.d Folder 0700
gss Folder 0755
gssproxy Folder 0755
imunify360 Folder 0755
init.d Folder 0755
iproute2 Folder 0755
krb5.conf.d Folder 0755
ld.so.conf.d Folder 0755
libnl Folder 0755
libpaper.d Folder 0755
logrotate.d Folder 0755
mail Folder 0755
modprobe.d Folder 0755
modules-load.d Folder 0755
named Folder 0750
nginx Folder 0755
openldap Folder 0755
opt Folder 0755
pam.d Folder 0755
pkcs11 Folder 0755
pki Folder 0755
plymouth Folder 0755
pm Folder 0755
polkit-1 Folder 0755
popt.d Folder 0755
ppp Folder 0755
prelink.conf.d Folder 0755
profile.d Folder 0755
proftpd Folder 0751
pure-ftpd Folder 0755
python Folder 0755
qemu-ga Folder 0755
rc.d Folder 0755
rc0.d Folder 0755
rc1.d Folder 0755
rc2.d Folder 0755
rc3.d Folder 0755
rc4.d Folder 0755
rc5.d Folder 0755
rc6.d Folder 0755
rdma Folder 0755
request-key.d Folder 0755
rpm Folder 0755
rsyslog.d Folder 0755
rwtab.d Folder 0755
sasl2 Folder 0755
scl Folder 0755
security Folder 0755
selinux Folder 0755
sgml Folder 0755
skel Folder 0755
smartmontools Folder 0755
snmp Folder 0755
ssh Folder 0755
ssl Folder 0755
statetab.d Folder 0755
sudoers.d Folder 0750
sw-engine Folder 0755
sysconfig Folder 0755
sysctl.d Folder 0755
systemd Folder 0755
terminfo Folder 0755
tmpfiles.d Folder 0755
tuned Folder 0755
udev Folder 0755
valiases Folder 0751
vdomainaliases Folder 0751
vfilters Folder 0751
vftp Folder 0751
wpa_supplicant Folder 0755
xdg Folder 0755
xinetd.d Folder 0755
xml Folder 0755
yum Folder 0755
yum.repos.d Folder 0755
.pwd.lock File 0 B 0600
.updated File 163 B 0644
.whostmgrft File 0 B 0644
DIR_COLORS File 4.97 KB 0644
DIR_COLORS.256color File 5.59 KB 0644
DIR_COLORS.lightbgcolor File 4.56 KB 0644
GREP_COLORS File 94 B 0644
GeoIP.conf File 1.66 KB 0644
adjtime File 16 B 0644
aliases File 1.49 KB 0644
aliases.db File 12 KB 0644
anacrontab File 541 B 0600
antivirus.exim File 10.38 KB 0644
asound.conf File 55 B 0644
at.deny File 1 B 0644
backupmxhosts File 0 B 0640
bashrc File 3.4 KB 0644
blocked_incoming_email_countries File 0 B 0640
blocked_incoming_email_country_ips File 0 B 0640
blocked_incoming_email_domains File 0 B 0640
centos-release File 37 B 0644
centos-release-upstream File 51 B 0644
chrony.conf File 1.08 KB 0644
chrony.keys File 62 B 0640
chrony.keys.rpmnew File 481 B 0640
cpanel_exim_system_filter File 11.86 KB 0644
cpanel_initial_install_ea4_profile.json File 3.23 KB 0644
cpanel_mail_netblocks File 15 B 0640
cpanelsync.exclude File 0 B 0644
cpbackup-exclude.conf File 138 B 0644
cpspamd.conf File 25 B 0644
cpupdate.conf File 86 B 0644
cron.deny File 7 B 0600
crontab File 451 B 0644
crypttab File 0 B 0600
csh.cshrc File 1.58 KB 0644
csh.login File 1.08 KB 0644
dbowners File 47 B 0640
demodomains File 0 B 0640
demouids File 0 B 0640
demousers File 0 B 0640
digestshadow File 42 B 0640
dnsmasq.conf File 26.2 KB 0644
domain_remote_mx_ips.cdb File 2 KB 0640
domain_secondary_mx_ips.cdb File 2 KB 0640
domainips File 15 B 0644
domainusers File 18 B 0640
dracut.conf File 1.25 KB 0644
e2fsck.conf File 112 B 0644
elinks.conf File 1.07 KB 0644
email_send_limits File 591 B 0640
environment File 0 B 0644
ethertypes File 1.29 KB 0644
exim.conf File 88.65 KB 0644
exim.conf.dist File 25.79 KB 0644
exim.conf.local File 38 B 0644
exim.conf.localopts File 1.91 KB 0600
exim.conf.mailman2.dist File 29.03 KB 0644
exim.conf.mailman2.exiscan.dist File 29.2 KB 0644
exim.crt File 3.51 KB 0660
exim.key File 1.64 KB 0660
exim.pl File 231 B 0644
exim.pl.local File 164.23 KB 0644
exim_suspended_list File 690 B 0640
exim_trusted_configs File 24 B 0644
eximmailtrap File 0 B 0644
eximrejects File 163 B 0644
exports File 0 B 0644
favicon.png File 1.05 KB 0644
filesystems File 70 B 0644
fstab File 436 B 0644
fstab,v File 849 B 0444
fstab.bak File 436 B 0644
ftpd-rsa-key.pem File 1.64 KB 0660
ftpd-rsa.pem File 3.51 KB 0660
greylist_common_mail_providers File 0 B 0644
greylist_trusted_netblocks File 0 B 0640
group File 1.2 KB 0644
group- File 1.18 KB 0644
File 0 B 0
gshadow File 1 KB 0600
gshadow- File 1013 B 0600
host.conf File 9 B 0644
hostname File 25 B 0644
hosts File 92 B 0644
hosts.allow File 370 B 0644
hosts.deny File 460 B 0644
idmapd.conf File 4.74 KB 0644
inittab File 511 B 0644
inputrc File 942 B 0644
ipaddrpool File 14 B 0644
ips File 0 B 0644
ips.dnsmaster File 42 B 0644
issue File 23 B 0644
issue.net File 22 B 0644
kdump.conf File 7.1 KB 0644
krb5.conf File 646 B 0644
ld.so.cache File 48.68 KB 0644
ld.so.conf File 28 B 0644
libaudit.conf File 191 B 0640
libuser.conf File 2.33 KB 0644
localaliases File 0 B 0644
localdomains File 255 B 0640
locale.conf File 19 B 0644
localtime File 118 B 0644
lock_manager_local.ini File 829 B 0644
login.defs File 1.98 KB 0644
logrotate.conf File 662 B 0644
lynx-site.cfg File 66 B 0644
lynx.cfg File 152.6 KB 0644
lynx.lss File 3.5 KB 0644
machine-id File 33 B 0444
magic File 111 B 0644
mail.rc File 1.92 KB 0644
mailbox_formats File 38 B 0640
mailcap File 272 B 0644
mailhelo File 0 B 0640
mailips File 0 B 0640
makedumpfile.conf.sample File 5 KB 0644
man_db.conf File 5.05 KB 0644
manualmx File 1 B 0640
mime.types File 50.89 KB 0644
mke2fs.conf File 1.08 KB 0644
motd File 0 B 0644
mta_dkim_active File 0 B 0644
mtab File 0 B 0444
my.cnf File 170 B 0644
named.conf File 4 KB 0644
named.conf,v File 4.11 KB 0644
named.conf.cache File 278 B 0600
named.conf.rpmnew File 1.76 KB 0640
named.conf.zonedir.cache File 57 B 0600
named.iscdlv.key File 3.83 KB 0644
named.rfc1912.zones File 931 B 0640
named.root.key File 1.84 KB 0644
nanorc File 8.68 KB 0644
neighbor_netblocks File 14 B 0640
netconfig File 767 B 0644
networks File 58 B 0644
nfs.conf File 1023 B 0644
nfsmount.conf File 3.31 KB 0644
nocgiusers File 0 B 0640
nscd.conf File 2.34 KB 0644
nscd.conf.rpmnew File 2.68 KB 0644
nsswitch.conf File 1.69 KB 0644
nsswitch.conf.bak File 1.69 KB 0644
nsswitch.conf.rpmnew File 1.89 KB 0644
odbcinst.ini File 577 B 0644
os-release File 393 B 0644
outgoing_mail_hold_users File 0 B 0640
outgoing_mail_suspended_users File 27 B 0640
papersize File 68 B 0644
passwd File 2.92 KB 0644
passwd- File 2.83 KB 0644
passwd.cache File 17.01 KB 0600
passwd.nouids.cache File 8.58 KB 0600
printcap File 233 B 0644
profile File 2.37 KB 0644
profile.rpmnew File 1.78 KB 0644
protocols File 6.39 KB 0644
pure-ftpd.conf File 10.37 KB 0600
pure-ftpd.conf.rpmnew File 11.33 KB 0755
pure-ftpd.pem File 5.15 KB 0660
rc.local File 473 B 0644
recent_authed_mail_ips File 0 B 0644
recent_authed_mail_ips_users File 0 B 0644
recent_recipient_mail_server_ips File 173 B 0640
redhat-release File 37 B 0644
relayhosts File 0 B 0644
relayhostsusers File 0 B 0644
remotedomains File 0 B 0644
request-key.conf File 1.75 KB 0644
resolv.conf File 38 B 0644
rndc.key File 77 B 0600
rpc File 1.6 KB 0644
rsyncd.conf File 458 B 0644
rsyslog.conf File 3.16 KB 0644
rwtab File 1008 B 0644
screenrc File 6.56 KB 0644
secondarymx File 0 B 0640
securetty File 221 B 0600
senderverifybypasshosts File 0 B 0640
services File 654.58 KB 0644
sestatus.conf File 216 B 0644
shadow File 1.43 KB 0600
shadow- File 1.43 KB 0600
shadow.nouids.cache File 8.81 KB 0600
shells File 169 B 0644
shells.rpmnew File 44 B 0644
skipsmtpcheckhosts File 0 B 0640
spammeripblocks File 0 B 0640
spammers File 0 B 0644
ssldomains File 84 B 0600
statetab File 212 B 0644
stats.conf File 37 B 0644
subgid File 0 B 0644
subuid File 0 B 0644
sudo-ldap.conf File 3.11 KB 0640
sudo.conf File 1.74 KB 0640
sudoers File 4.23 KB 0440
suphp.conf File 3.7 KB 0644
suphp.conf.rpmnew File 4.42 KB 0644
sysctl.conf File 485 B 0644
system-release File 37 B 0644
system-release-cpe File 23 B 0644
tcsd.conf File 6.88 KB 0600
trueuserdomains File 18 B 0640
trueuserowners File 15 B 0644
trusted-key.key File 750 B 0644
trusted_mail_users File 0 B 0640
trustedmailhosts File 0 B 0640
userbwlimits File 37 B 0640
userdatadomains File 1.9 KB 0640
userdatadomains.json File 2.1 KB 0640
userdomains File 380 B 0640
userips File 36 B 0640
userplans File 32 B 0640
vconsole.conf File 37 B 0644
vimrc File 1.94 KB 0644
virc File 1.94 KB 0644
webspam File 0 B 0644
wgetrc File 4.37 KB 0644
wwwacct.conf File 298 B 0644
wwwacct.conf.cache File 374 B 0644
wwwacct.conf.shadow File 73 B 0600
wwwacct.conf.shadow.cache File 374 B 0600
yum.conf File 1.1 KB 0644
zlogin File 252 B 0644
zlogout File 86 B 0644
zprofile File 375 B 0644
zshenv File 510 B 0644
zshrc File 1.11 KB 0644