Amavis blocking images...

Peter Dal pdal at
Wed Sep 21 16:15:27 CEST 2011

Hi folks,

I have a problem that started last Monday, without me changing 
anything... For some odd reason, amavis started blocking images, but not 
all of them, just a specific one. Here's the situation:

One of my users is using a mailing list, and sends out an email with our 
company logo as header (embeded, not attached). When this message comes 
back (since he's subscribed to this list) the email gets blocked by 
amavis, and I receive the following notification email:

    |No viruses were found.

    Banned name: multipart/mixed |
       image/gif,.image,.gif,part1.03020803.05050501 at
    Content type: Banned
    Internal reference code for the message is 30298-18/Fe80t5ePS7Gx

    First upstream SMTP client IP address: [<source ip>]
    According to a 'Received:' trace, the message originated at:
       [<source ip>], localhost.localdomain unknown []

    Return-Path:<source at>
    From: source at
    Sender: source at
    Subject: ...
    The message has been quarantined as: /var/lib/amavis/virusmails

    The message WAS NOT relayed to:
    <user at>:
        250 2.7.0 Ok, discarded, id=30298-18 - BANNED: multipart/mixed | image/gif,.image,.gif,part1.03020803.05050501 at


    Return-Path:<source at>
    Received: from ( [<source ip>])
         by (Postfix) with ESMTP id DB2AA25458D
         for<user at>; Mon, 19 Sep 2011 15:57:13 -0500 (CDT)
    Received: from localhost.localdomain (unknown [])
         by (Postfix) with ESMTP id 76EEB40CB89D
         for<user at>; Mon, 19 Sep 2011 16:57:13 -0400 (EDT)
    MIME-Version: 1.0
    Content-Transfer-Encoding: binary
    Content-Type: multipart/mixed; boundary="_----------=_13164658337320692"
    X-Mailer: MIME::Lite 3.027 (F2.74; T1.28; A2.04; B3.07; Q3.07)
    Date: Mon, 19 Sep 2011 16:57:13 -0400
    To:<user at>
    From: source at
    Subject: ...
    Reply-To:<user at>
    Sender: source at
    Comments: Cust: 5 Msg: 581646
    Message-Id: 13164658335.581646

As far as I can tell, it is not supposed to ban ANY images, and in fact 
this has been working without a glitch for years. Now all of a sudden it 
starts banning stuff....

The only related setting I can think of (feel free to ask me to post 
others) is the $banned_filename_re, which looks like this:

    |$banned_filename_re = new_RE(
       # block certain double extensions anywhere in the base name

       qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows Class ID CLSID, strict

       qr'^application/x-msdownload$'i,                  # block these MIME types

       qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic (default)

It's not a one time thing either. He sends out over a dozen emails a 
day, and all of them get blocked this way. I'm completely stumped by 
this one. How do I track down what's going on here? Please keep in mind 
I'm kind of a noob when comes to amavis...


This e-mail message and any files transmitted here with, are intended solely for the use of the individual(s) addressed and may contain confidential, proprietary or privileged information. If you are not the addressee indicated in this message (or responsible for delivery of this message to such person) you may not review, use, disclose or distribute this message or any files transmitted herewith. If you receive this message in error, please contact the sender by reply e-mail and delete this message and all copies of it from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the amavis-users mailing list