defang_spam not working

Mark Martinec Mark.Martinec+amavis at ijs.si
Fri Feb 17 00:56:00 CET 2012 

Steve,

> I'm having problems with my amavis not defang'ing spam. Messages are having
> their subject rewritten and X-SPAM-Headers but are not defang'd.
> 
> Could anyone shed any light on which settings I need to be paying attention
> to? I've gone over my amavisd.conf with a find tooth comb to no avail.

Sorry for delay. While investigating what could potentially be the reason,
I found two problems regarding defanging in 2.7.0, and I'm attaching
a patch to fix these. The bug can only manifest itself under certain
conditions, and you are not saying neither which version of amavisd and
perl are you using, nor the defanging method of choice (like whether
altermime is installed and enabled, or whether Anomy::Sanitizer is
to be used for defanging).

Here is the description of the two problems addressed by the patch:

- fixed defanging by mimedefang, it was failing with perl 5.10 or later
  due to an unhandled "Insecure dependency in sprintf" while logging the
  result if the $log_level was 2 or higher, or when debugging was enabled;

- fixed defanging by Anomy::Sanitizer, it was failing with an error message:
  "mangling by anomy failed: replacement size 0, mail will pass unmodified"


> I'm using SQL backup with default policies. Recipients access is associated
> with the "Default Policy" (ie *_lover's all N, bypass_*_checks all N,
> spam_modifies_subj = Y, all over fields NULL).
> 
> $defang_virus  = 1;
> $defang_banned = 1;
> $defang_spam = 1;
> $defang_bad_header = 1;
> $defang_undecipherable = 1;
> $defang_all = 1; //for testing purposes only
> 
> $sa_tag_level_deflt  = -9999; //add spam headers to all messages
> $sa_tag2_level_deflt = 5.0; //anything >= 5 considered
> $sa_kill_level_deflt = 10.0;//anything >= 10 is quarantined
> $sa_quarantine_cutoff_level = 25;//anything >= 25 is discarded completely.
> 
> $final_virus_destiny = D_DISCARD;
> $final_banned_destiny = D_BOUNCE;
> $final_spam_destiny = D_DISCARD;
> ##$final_bad_header_destiny = D_REJECT;
> $final_bad_header_destiny = D_PASS;
> 
> While testing I checked to see if messages marked with a bad header are
> being defang'd by sending a malformed email with two Subject: headers.
> They also aren't being defang'd.
> Is there any change I'm missing a perl module required to defang or is it
> definitely a configuration issue?

Mail to local recipients with a bad header, or spam with score between
tag2 and kill levels, should have been defanged, unless you are meeting the
bug conditions above (perl >= 5.10, altermime installed, log level >= 2).

If you have altermime installed, try disabling it ($altermime = undef),
or apply the patch. If the problem persists, I'd like to see the full
log of the event (at $log_level=5).

  Mark

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0.patch
Type: text/x-patch
Size: 2005 bytes
Desc: not available
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20120217/8f182186/attachment.bin>

More information about the amavis-users mailing list