Amavis Mailing List Archive

From: Noel Jones (njones@megan.vbhcs.org)
Date: Wed Dec 22 2004 - 11:54:01 EST

• Next message: Mark Martinec: "Re: [AMaViS-user] *_quarantine_to to real system path"
• Previous message: Jack Vandensype: "[AMaViS-user] Amavis BANNED NAME vs. Postfix mime_header_checks"
• In reply to: Jack Vandensype: "[AMaViS-user] Amavis BANNED NAME vs. Postfix mime_header_checks"

At 10:00 AM 12/22/04, Jack Vandensype wrote:
>Hello all, this is my first time posting on this list so be kind :)
>
>I have a postfix/amavisd/spamassassin box acting as a gateway to my
>Exchange server. Everything seems to be working ok except I am a bit
>confused about how banned attachment names are being handled (.exe
>in particular).
>
>I use postfix's mime_header_checks to reject all mail with bad file
>attachments
>and this is working fine except for .exe files. It seems as if amavis
>is picking
>these up and notifying me for some, but not all exe's. Below is an
>excerpt of an
>amavis report I receive.
>
>My question is this, in what order are the postfix/amavis rules
>processed?
>When I send an exe file to myself from the outside I get a reject from
>*postfix*
>not amavis, however, I still receive message similar to below on a daily
>basis.
>Any ideas? Thanks in advance.
>
>Jack
>
>Sample amavis report:
>
> BANNED NAME (.exe) FROM <ieper@punch-gmbh.de>
>
>No viruses were found.
>
>A banned name (.exe) was found.
>
>
>The mail originated from: <ieper@punch-gmbh.de>
>
>According to the 'Received:' trace, the message originated at:
> opfpswrhl.de (p508D0143.dip0.t-ipconnect.de [80.141.1.67])
>
>The message WAS NOT delivered to:
><user1@mydomain2.com>:
> 550 5.7.1 Message content rejected, id=01949-05 - BANNED: .exe
><user2@mydomain2.com>:
> 550 5.7.1 Message content rejected, id=01949-05 - BANNED: .exe
>
>The message has been quarantined as:
> /var/virusmails/virus-20041222-144539-01949-05

The file(1) utility identified the attachment as an .exe file; this is
based on the file itself, not its name.
You'll need to examine the file in quarantine to see why postfix didn't
block it. Likely because the attachment name extension isn't on your
banned list.

If you wish amavisd-new to accept files of this type, you'll need to adjust
the setting of $banned_filename_re in your amavisd.conf file.
Look for something like:
  qr'^\.(exe|zip|lha|tnef)$'i, # banned file(1) types
and comment it out by inserting a "#" at the beginning of the line.

-- 
Noel Jones 
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

• Next message: Mark Martinec: "Re: [AMaViS-user] *_quarantine_to to real system path"
• Previous message: Jack Vandensype: "[AMaViS-user] Amavis BANNED NAME vs. Postfix mime_header_checks"
• In reply to: Jack Vandensype: "[AMaViS-user] Amavis BANNED NAME vs. Postfix mime_header_checks"