Banned notify

Simon Brereton simon.brereton at buongiorno.com
Fri May 18 17:27:46 CEST 2012


On 16 May 2012 02:29, Birta Levente <blevi.linux at gmail.com> wrote:

Thanks for adding the subject! :)

> On 15/05/2012 19:42, Simon Brereton wrote:
>>
>> Hi Mark
>>
>> I have this in my config:
>>
>> grep -inr _admin /etc/amavis/conf.d/*
>> /etc/amavis/conf.d/20-debian_defaults:124:$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default
>>
>>
>> I like to get notified of viruses just in case one of my users gets
>> infected.  However, I frequently get notifications like:
>>
>
> $final_virus_destiny      = D_DISCARD;
> With $virus_admin configured above, you get notifications about infected
> emails.

As I intended.

>> No viruses were found.
>>
>> Banned name: .exe,.exe-ms,DHL report.exe
>> Content type: Banned
>> Internal reference code for the message is 16541-20/tWFdvtt+bT73
>>
>> First upstream SMTP client IP address: [120.59.73.245]
>> According to a 'Received:' trace, the message originated at:
>> [184.73.117.173],
>>   [184.73.117.173] account peacocksb96 at kurdogluholding.com.tr HELO
>>   kymea.xrjthjuwnchfczr.org
>>
>> Return-Path:<underdevelopedjl76 at pacunion.com>
>> From: "DHL Inc."<status at dhl.com>
>> Message-ID:<6898465608.LAF1U37T578728 at lwhgidtiykp.pvrlzbekgrukn.net>
>> Subject: DHL Package delivery status
>> The message has been quarantined as: banned-tWFdvtt+bT73
>>
>> This is because I have:
>>
>> grep -inr banned /etc/amavis/conf.d/*
>> /etc/amavis/conf.d/20-debian_defaults:120:$final_banned_destiny     = D_DISCARD;   # D_REJECT when front-end MTA
>>
>>
>> But I would like to not be informed of banned files (most of them are
>> phishing and are only .exe to get through the spam filters).  How can
>> I enforce this?
>
>
> $banned_admin = undef;

I added this, and restarted amavis, but still today I got:

No viruses were found.

Banned name: application/octet-stream,.exe,.exe-ms,IMG6897.jpg.exe
Content type: Banned
Internal reference code for the message is 05072-12/pOZyV1dNjf1C

First upstream SMTP client IP address: [41.139.114.254]
According to a 'Received:' trace, the message originated at: [37.24.194.31],
  [37.24.194.31] account homogeneityagiw761 at admail.com.ar HELO
  riuyqmcnkxgjavl.adehrldqt.tv

Return-Path: <abroadi13 at eurobiobiz.com>
From: "Shirley Belcher" <abroadi13 at eurobiobiz.com>
Message-ID: <8807924198.9VW1122G655414 at wvruwyqe.lbwiyckawuwl.ua>
Subject: FW:Check the attachment you have to react somehow to this picture
The message has been quarantined as: banned-pOZyV1dNjf1C

The message WAS NOT relayed to:
<abhinav.shukla at alphaharvest.net>:
   250 2.7.0 Ok, discarded, id=05072-12 - BANNED:
application/octet-stream,.exe,.exe-ms,IMG6897.jpg.exe

Simon

