List: amavis-user
Subject: Re: Re: BANNED contents (.image, .png, image001.png) in mail FROM [192.0.2.0]:48963
From: Damian <amavis () arcsin ! de>
Date: 2014-07-25 11:45:46
Message-ID: 53D2436A.5080504 () arcsin ! de
Hi,
Are there objections to searching for the actual banning reason? If not, I would like to
propose a patch.
Kind regards
Damian
> ben,
>
> > i'm getting the following notifications:
> >
> > Subject: BANNED contents (.image,.png,image001.png) in mail FROM [192.0.2.0]:48963
> > No viruses were found.
> >
> > Banned name: .image,.png,image001.png
> > Content type: Banned
> > Internal reference code for the message is 07049-20/tsuDhcN5qlnc
> >
> > [...]
> > The message has been quarantined as: t/banned-tsuDhcN5qlnc
> >
> > but i'm having trouble figuring out why these contents were banned. i don't
> > intentionally have things configured this way. here are my current settings i
> > believe are related to this?:
> > $banned_filename_re = new_RE(
> > qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
> >
> > # block certain double extensions anywhere in the base name
> > qr'\.[^./]*[A-Za-z][^./]*\.\s*(bat|cmd|com|cpl|dll|exe|pif|reg|scr|vbs)[.\s]*$'i,
> >
> > # allow any file types within such archives
> > [ qr'^\.(Z|gz|bz2)$' => 0 ], # unix-compressed
> > [ qr'^\.(rpm|cpio|tar)$' => 0 ], # unix archives
> > [ qr'^\.(zip|rar|arc|arj|zoo)$' => 0 ], # other/misc
> >
> > # rudimentary extension blocking [based on file name alone]
> > # note: extensions added here should also have entries for mime or
> > # file types below, where possible
> > qr'.\.(bat|cab|cmd|com|cpl|dll|exe|lha|mis|pif|reg|scr|vbs|wsf|wsh)$'i,
> >
> > # mime types to block
> > qr'^application/x-msdownload$'i,
> > qr'^application/x-msdos-program$'i,
> > qr'^application/hta$'i,
> >
> > # don't allow attachments spread out across multiple messages [rfc2046]
> > qr'^message/partial$'i,
> > qr'^message/external-body$'i,
> >
> > # files types to block [as per file(1)]
> > qr'^\.(cab|dll|exe|exe-ms|lha|tnef)$',
> >
> > # blocks attachments whose names contain clsid extensions
> > qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # strict
> > #qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # loose
> > );
> >
> > what am i missing?
>
> The macro %F (producing: .image,.png,image001.png) just shows a
> leaf node of the MIME and archives tree. A banning reason may
> be in one of its parents, e.g. a MIME type or a type of an
> archive (like zip).
>
> Search the log (log level 1) for ' p.path' corresponding to that
> mail message, it will show more detailed information on the
> banning reason.
>
> Mark
>
["fix-banning_short_reason.patch" (text/x-patch)]
diff --git a/amavisd b/amavisd
index 8d2a2e1..ddf0b37 100755
--- a/amavisd
+++ b/amavisd
@@ -9378,10 +9378,18 @@ sub check_for_banned_names($) {
} else {
do_log(5,"doing banned check for %s on %s",
$recip,$key_val_trad_str);
- ($result,$matchingkey) =
- lookup2(0, [map(@$_,@descr_trad)], # check all attribs in one go
- [map(ref($_) eq 'ARRAY' ? @$_ : $_, @$t_ref)],
- Label=>"check_bann:$recip");
+
+ # check iteratively to obtain correct simple_part_name
+ for my $dt (@descr_trad) {
+ ($result,$matchingkey) =
+ lookup2(0, $dt,
+ [map(ref($_) eq 'ARRAY' ? @$_ : $_, @$t_ref)],
+ Label=>"check_bann:$recip");
+ if (defined $result) {
+ $simple_part_name = join ',', @$dt;
+ last;
+ }
+ }
$t_ref_old = $t_ref;
}
if (defined $result) {
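Review bot: In the new `for my $dt (@descr_trad)` loop, `if (defined $result)` followed by `last` stops at the first part for which any rule returns a defined value, including rules whose value is 0 (the allow entries such as `[ qr'^\.(zip|rar|arc|arj|zoo)$' => 0 ]` in the configuration quoted above), so a later part that a ban rule would match is never looked up. The removed single `lookup2` call over `[map(@$_,@descr_trad)]` checked all attributes in one go, so this can change the verdict and not only the name reported in `$simple_part_name`. Suggest keeping the combined lookup for the verdict and using the per-part loop only to find which part matches `$matchingkey`, or stating the new precedence in the comment above the loop. The `[map(ref($_) eq 'ARRAY' ? @$_ : $_, @$t_ref)]` list is also rebuilt on every iteration and can be built once before the loop.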
--
1.7.10.4