Allowing BANNED extensions inside compressed archives

Mark Martinec Mark.Martinec+amavis at ijs.si
Sat Apr 21 02:42:01 CEST 2012


Darek,

> Hi list, so I want to allow exe files if they are inside a compressed zip
> or rar archive, and want to ask for verification of my change to
> amavisd.conf
> 
> In the regexp definition for "$banned_filename_re", I moved
>
>   [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within these archives
> 
> which by default is 14 lines below the " $banned_filename_re" declaration
> to be the first thing in the block, before exe, dll, cab, pif, etc.  This
> is what it looks like right now:
> 
> $banned_filename_re = new_RE(
> 
>   [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within these archives
> 
>   ### BLOCKED ANYWHERE
>   # qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
>   qr'^\.(exe-ms|dll)$',                   # banned file(1) types,
[...] 
> I just want to make sure I am not going to have some unforeseen things
> happen.  On first glance, it's working as expected.  A client's Raima
> database files are being tagged as exe files and being dropped.  I'm fine
> with letting through compressed archives, no matter what's inside, really.

Yes, that is alright, if anything within zip, rar, arc, arj or zoo
archives is acceptable. Or perhaps give a free pass only to contents
of a zip but not for other archives, which could be achieved by
prepending a more restrictrive free pass, like: [ qr'^\.zip$'=> 0 ],

  Mark


More information about the amavis-users mailing list