Allowing BANNED extensions inside compressed archives
Darek M.
fafaforza at yahoo.com
Thu Apr 19 21:55:09 CEST 2012
Hi list, so I want to allow exe files if they are inside a compressed zip or rar archive, and want to ask for verification of my change to amavisd.conf
In the regexp definition for "$banned_filename_re", I moved
[ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives
which by default is 14 lines below the " $banned_filename_re" declaration to be the first thing in the block, before exe, dll, cab, pif, etc. This is what it looks like right now:
$banned_filename_re = new_RE(
[ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives
### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
qr'^\.(exe-ms|dll)$', # banned file(1) types, rudimentary
# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
# [ qr'^\.(gz|bz2)$' => 0 ], # allow any in gzip or bzip2
[ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
qr'.\.(pif|scr)$'i, # banned extensions - rudimentary
# qr'^\.zip$', # block zip type
### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives
I just want to make sure I am not going to have some unforeseen things happen. On first glance, it's working as expected. A client's Raima database files are being tagged as exe files and being dropped. I'm fine with letting through compressed archives, no matter what's inside, really.
--
Darek
More information about the amavis-users
mailing list