Banned messages with PDF attachments
Mark Martinec
Mark.Martinec+amavis at ijs.si
Fri Apr 5 20:33:15 CEST 2013
Nick,
> I have some messages with pdf attachments banned. I can see:
>
> X-Amavis-Alert: BANNED, message contains
> application/x-msdownload,.pdf,2nd Circular_IEC2013.pdf
>
> The attachment has:
> Content-Type: application/x-msdownload; name="2nd Circular_IEC2013.pdf"
>
> Why do such messages get banned (although I think they shouldn't)?
By default amavis is blocking application/x-msdownload attachments.
> What is their difference from other messages with PDF attachments like
> the following, that reach us without issues:
>
> Content-Type: application/pdf;
> name="=?UTF-8?B?zqbOlc6aX86RXzE2My0yMDEwLnBkZg==?="
>
> When is a PDF file attachment characterized as
> "application/x-msdownload" (and it gets banned) and when as
> "application/pdf" (and it doesn't)?
Looks like a bug in a recent version of Thunderbird
which labels PDF attachments as application/x-msdownload
(which is normally used for DLL executables),
instead of using text/pdf or application/pdf:
http://ubuntuforums.org/showthread.php?t=1949353

http://mimeapplication.net/x-msdownload:
The MIME Type application/x-msdownload is part of the 'application'
category and it is commonly used to indicate the encoding for
the DLL file type when such a file is present within a message.
This MIME Type in general describes executable and/or system
files that are associated with the Windows and OS2 platforms
and is also used for the EXE file type. Due to their executable
nature, these file types are often put under block or restricted
lists to avoid contracting an infection from these files.
Most email services will block these files from being sent
over their networks.
The DLL and the EXE file types have many characteristics in common.
Both are likely to have code, data and resource in any of the
possible combinations. While DLL is not directly executable,
it is an active file that can store malicious code inside that
can then damage a system. DLL files are often made for resource
sharing actions between various components of a program or an OS
like Windows XP. A DLL file is described as a 'dynamic link library'.
Mark
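
The following is an added example, not part of the original message and not amavis code: a small triage helper that compares the declared Content-Type of each attachment with the magic bytes of its decoded body, which separates a mislabelled PDF like the one in this thread from a real executable. The function names, the verdict strings and the sample message are assumptions constructed for illustration.

```python
import base64
from email import message_from_string, policy

# Leading bytes of the real file formats (small illustrative table).
MAGIC = {b"%PDF-": "pdf", b"MZ": "windows-executable"}
# Declared MIME types from the thread and the format each one implies.
IMPLIED = {"application/pdf": "pdf",
           "application/x-msdownload": "windows-executable"}

def sniff(payload):
    """Classify decoded attachment bytes by their magic number."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    return "unknown"

def triage(raw_message):
    """Compare each attachment's declared type with its actual content."""
    msg = message_from_string(raw_message, policy=policy.default)
    report = []
    for part in msg.walk():
        name = part.get_filename()  # falls back to Content-Type name=
        if part.is_multipart() or name is None:
            continue
        declared = part.get_content_type()
        actual = sniff(part.get_payload(decode=True) or b"")
        if actual == "unknown":
            verdict = "unknown-content"
        elif IMPLIED.get(declared) == actual:
            verdict = "consistent"
        else:
            verdict = "label-mismatch"  # e.g. a PDF sent as x-msdownload
        report.append({"name": name, "declared": declared,
                       "actual": actual, "verdict": verdict})
    return report

def build_sample(ctype, name, body):
    """Constructed test message with one base64 attachment."""
    b64 = base64.b64encode(body).decode()
    return ("From: a@example.org\nTo: b@example.org\nSubject: sample\n"
            "MIME-Version: 1.0\n"
            'Content-Type: multipart/mixed; boundary="XX"\n\n'
            "--XX\nContent-Type: text/plain\n\nsee attachment\n"
            f'--XX\nContent-Type: {ctype}; name="{name}"\n'
            "Content-Transfer-Encoding: base64\n\n"
            f"{b64}\n--XX--\n")

if __name__ == "__main__":
    print(triage(build_sample("application/x-msdownload",
                              "2nd Circular_IEC2013.pdf", b"%PDF-1.4\n")))
```

A `label-mismatch` on a PDF body points to a sender-side labelling problem, while executable content under an `application/pdf` label is the case to keep quarantined.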