Linux Training

Linux training for private, public & voluntary sector.

0793 572 8612

City LinUX sample scripts - zippedexe


zippedexe - unpacks zipped e-mail attachments and checks the contents for .exe files.


zippedexe [ -d ] | [ -V ]


zippedexe is a Bourne shell script which should work equally well on all versions of UNIX, Linux and Mac OS X.


zippedexe uses P.L. Daniels' " ripmime " to deconstruct an e-mail message and " unzip " to list the contents of any resulting zipped files. If a .exe file is found the script returns a zero value (true) and adds " X-CityLinux: ZIPPED_EXE " to the message headers.

The script can be used from the command line as a filter but is designed to be invoked by procmail when delivering mail.

When procmail is used with sendmail and spamassassin it is a fairly simple matter to add the header for all users with a recipe in /etc/procmailrc then, by adding a rule to spamassassin which increments the spam score appropriately, it is possible to deal with the dispostion of the message using the same criteria as all other messages identified as spam.

In environments where plesk, postfix and spamassassin are used I have been unable to find a way to do this and so I employ a more complete .procmailrc in the virtual mail user's "home" directory.

Procmail is invoked by modifying .qmail in the same virtual mail users "home" directory, usually "/var/qmail/mailusers/<mail domain name>/<mail user>/.qmail.

Note that the .procmailrc recipes provide for delivery of messages to the postfix mail folder subdirectories (eg Maildir/.Spam{new,cur} by using the postfix command " deliverquota " for final delivery as procmail doesn't understand this structure.


-d    Set debug mode on. The -x    option is set within the shell and each command in the script is echoed to the console.

-V    Print the version details and exit.


/etc/mail/spamassassin/ ,
/etc/procmailrc ,
/var/qmail/mailnames/<mail domain>/<virtual mail user>/.procmailrc ,
/var/qmail/mailnames/<mail domain>/<virtual mail user>/.qmail ,


cat <message_file>|zippedexe 

The message is deconstructed to a temporary directory below /tmp . The contents of any files with a .zip extension are listed and if the archive contains .exe files the header X-CityLinux: ZIPPED_EXE is inserted and the script exits with value 0 (zero).

If no .EXE is found the exit value is 1 .

The message is output to "STANDARD OUT"


The script is quite crude and has very little, if any, error checking. The consequences of unexpected input are untested.


How-to junk mail with zipped exe attachments .


Clifford W Fulford, City Linux. Contact or +44 (0)709 229 5385.

The layout and associated style sheets for this page are taken from the World Wide Web Consortium and used here under the W3C software licence.