Stopping .js in .zip

[Mark Sapiro]

On 02/22/2017 04:29 AM, Trond M. Markussen wrote:
> Thanks for the info. In that case, stopping these attacks should not be a
> problem with the current MS version as I understand it.


I would think so, but I don't have a pre 4.76 version to test/experiment
with so I don't know for sure.


> Could it be a conflict between allowing ZIPs and denying JS files in
> filename.rules.conf?
> allow   \.zip$ 
> deny    \.jse?$


You might try changing the order of 'deny    \.jse?$' and 'allow
\.zip$' in that file. I wouldn't think it would matter, but it might.


> Is there perhaps a way to block js files in filetype.rules.conf?


I don't think so. filetype.rules.conf relies on the type reported by the
'file' command, and in testing a few .js files, the report is either
'HTML document, ASCII text' or 'ASCII text' and you certainly don't want
to block those.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan