Problem with ms-exe banned files
Mark.Martinec+amavis at ijs.si
Fri May 20 20:35:29 CEST 2011
> We keep getting problems with the ms-exe detection scheme in amavis for
> banned files. I was wondering :
> Does Amavis only look at the extension of the file ? In this case a
> ".dat" file, or does it really test the file ?
> For example in linux : file file.dat
> file.dat: DOS executable (device driver)
> X-Amavis-Alert: BANNED, message contains .exe,.exe-ms,file.dat
Amavisd banning rules can test for either:
- a name of a mail component;
- a result from the file(1) utility, mapped into a shorthand notation
- a MIME type
> I know that this isn't a device driver, but a part from a electronical
> software scheme.
You guessed correctly, in your case it is a wrong detection
coming from a file(1) utility.
> How can we avoid this ? Or manipulate the ms-exe detection ?
No ideal solution. Some choices:
- see if a newer version of a file(1) utility has this misdetection fixed,
if not file a bug report to its maintainer (who is quite cooperative);
- remove a test for .exe-ms from your banning rules, or preceed it
with some countermeasure exception rule;
- if such mail is only coming from some sources or addressed to
only few recipients, consider @banned_files_lovers_maps
More information about the amavis-users