hi, Does anyone know how to config amavisd-new banned zip files which consist of exe files? I install base on following: http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu8.10 Thanks alot. Davy
Below is my config File: 20-debian_defaults. It can ban 14 level of files(zip/rar) which consist of banned file format(such as EXE) # Quota limits to avoid bombs (like 42.zip) $MAXLEVELS = 14; $MAXFILES = 1500; $MIN_EXPANSION_QUOTA = 100*1024; # bytes $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes In CentOS, it can work. Thanks for your reply. Davy
Hi, Below message come from my CentOS mailserver which can block up 14 levels of EXE files. In Ubuntu 8.10 can not block in the same files. Do you know how to set amavis-new(config file)? Thanks Davy BANNED CONTENTS ALERT Our content checker found banned name: multipart/mixed | application/octet-stream,.rar,WinXP Key.rar | .txt,Windows XP PRO VLK§Ç¦C¸¹*קï.VBS in email presumably from you <[email protected]> to the following recipient: -> [email protected] Our internal reference code for your message is 13903-04/b8cdmyhpLwyb First upstream SMTP client IP address: [192.168.16.80] Return-Path: <[email protected]> From: <[email protected]> Message-ID: <000001c95a65$ae728fb0$0b57af10$@com> Subject: test RAR Delivery of the email was stopped! The message has been blocked because it contains a component (as a MIME part or nested within) with declared name or MIME type or contents type violating our access policy. To transfer contents that may be considered risky or unwanted by site policies, or simply too large for mailing, please consider publishing your content on the web, and only sending an URL of the document to the recipient. Depending on the recipient and sender site policies, with a little effort it might still be possible to send any contents (including viruses) using one of the following methods: - encrypted using pgp, gpg or other encryption methods; - wrapped in a password-protected or scrambled container or archive (e.g.: zip -e, arj -g, arc g, rar -p, or other methods) Note that if the contents is not intended to be secret, the encryption key or password may be included in the same message for recipient's convenience. We are sorry for inconvenience if the contents was not malicious. The purpose of these restrictions is to cut the most common propagation methods used by viruses and other malware. These often exploit automatic mechanisms and security holes in more popular mail readers (Microsoft mail readers and browsers are a common target). By requiring an explicit and decisive action from the recipient to decode mail, the danger of automatic malware propagation is largely reduced.
Did you compare your amavisd configuration with the one on your CentOS server? Any errors in your mail log?
I did compare to CentOS(amavis) config file which is almost same as Ubuntu(amavis)file(.20-debian_defaults) In CentOS maillog: Block spam------BANNED CONTENTS ====This one is OK. In Ubuntu mail.log: Pass Clean ====This one is NG Do you have any solution to block the RAR files(banned EXE)? Thanks for your reply Davy
