#
# Attachments
#
/^Content-(Disposition|Type):[[:space:]]+[^;]*;[[:space:]]+(file)?name=\"[^"]+\.(ad[ep]|asd|ba[st]|chm|cmd|com|cpl|crt|dll|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|ocx|pcd|pif|reg|sc[rt]|sh[bs]|url|vb[esx]?|ws[cfh])\"/	REJECT  You may not send executable files with "$3" file extensions! ZIP your file and try again. MxAttach1
/^[[:space:]]+(file)?name=\"[^"]+\.(ad[ep]|asd|ba[st]|chm|cmd|com|cpl|crt|dll|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|ocx|pcd|pif|reg|sc[rt]|sh[bs]|url|vb[esx]?|ws[cfh])\"/	REJECT  You may not send executable files with "$2" file extensions! ZIP your file and try again. MxAttach2
#
# Known virus patterns.
#
/^[[:space:]]*Content-(Disposition|Type).*name[[:space:]]*=[[:space:]]*"?((Attach|Information|TextDocument|Readme|Msg|Msginfo|Document|Info|Attachedfile|Attacheddocument|TextDocument|Text|TextFile|Letter|MoreInfo|Message|Encrypted)\.zip)"?[[:space:]]*$/	REJECT	BAGLE virus detected. MxVirus1
/^[[:space:]]*Content-(Disposition|Type).*name[[:space:]]*=[[:space:]]*"?((Patch|MS-Security|MS-UD|UpDate|sys-patch|MS-Q).*\.zip)"?[[:space:]]*$/	REJECT	SOBER virus detected. MxVirus2
/^[[:space:]]*Content-(Disposition|Type).*name[[:space:]]*=[[:space:]]*"?.*\.(doc|jpg|txt)\.zip"?[[:space:]]*$/	REJECT	SOBER virus detected. MxVIRUS3
#
# Content-Transfer-Encoding violations
#
/^Content-(Disposition|Type):.application\/?[^;]*;[[:space:]]+(file)?name=\"([^"]*)\"/	WARN	Message attachment, "$3", is of type APPLICATION, but has not been blocked by the executable-file filters. MxCT4