pissircd/doc/conf/dccallow.conf

/* Example of a possible semi-secure /DCCALLOW configuration written by Syzop.
 * $Id$
 *
 * Actually nothing is *100% secure*... there could still be
 * bugs in the software itself (think: a winamp bug that can
 * be exploited via an mp3, or: a wmplayer bug that can be
 * exploited via a specially crafted .wmv, etc..).
 * If you are really that paranoid you could just remove
 * all 'allow dcc'-blocks and prompt the user for EVERY file ;).
 * 
 * Still, I think this file is a good tradeoff between userfriendlyness
 * and security. Note that when you try to only DENY specific
 * file type (exe, com, etc) you are *guaranteed* to miss ones
 * (like: did you know .r17 gets treated as a rar archive?
 *  and that an exe can be disguished as .cmd which is executable
 *  on nt/w2k/xp?)
 */

/* first.. deny everything, then allow known-good stuff... */
deny dcc { filename "*"; reason "Possible executable content"; soft yes; }
/* common image formats */
allow dcc { filename "*.jpg"; soft yes; }
allow dcc { filename "*.jpeg"; soft yes; }
allow dcc { filename "*.gif"; soft yes; }
allow dcc { filename "*.png"; soft yes; }
allow dcc { filename "*.bmp"; soft yes; }
/* audio / video (but not scripted/playlists!) */
allow dcc { filename "*.mp1"; soft yes; }
allow dcc { filename "*.mp2"; soft yes; }
allow dcc { filename "*.mp3"; soft yes; }
allow dcc { filename "*.mpg"; soft yes; }
allow dcc { filename "*.mpeg"; soft yes; }
allow dcc { filename "*.m1v"; soft yes; }
allow dcc { filename "*.m2v"; soft yes; }
allow dcc { filename "*.vob"; soft yes; }
allow dcc { filename "*.wav"; soft yes; }
/* text / misc */
allow dcc { filename "*.txt"; soft yes; }
allow dcc { filename "*.log"; soft yes; }
allow dcc { filename "*.pdf"; soft yes; }
allow dcc { filename "*.c"; soft yes; }
allow dcc { filename "*.cpp"; soft yes; }