BANNED contents (.image, .png, image001.png) in mail FROM [192.0.2.0]:48963

btb listsb-amavis at bitrate.net
Thu Jul 3 18:44:25 CEST 2014


hi-

i'm getting the following notifications:

Subject: BANNED contents (.image,.png,image001.png) in mail FROM [192.0.2.0]:48963

No viruses were found.

Banned name: .image,.png,image001.png
Content type: Banned
Internal reference code for the message is 07049-20/tsuDhcN5qlnc

[...]
The message has been quarantined as: t/banned-tsuDhcN5qlnc

but i'm having trouble figuring out why these contents were banned.  i don't intentionally have things configured this way.  here are my current settings i believe are related to this?:

$banned_filename_re = new_RE(
	qr'^UNDECIPHERABLE$',	# is or contains any undecipherable components

	# block certain double extensions anywhere in the base name
	qr'\.[^./]*[A-Za-z][^./]*\.\s*(bat|cmd|com|cpl|dll|exe|pif|reg|scr|vbs)[.\s]*$'i,

	# allow any file types within such archives
	[ qr'^\.(Z|gz|bz2)$'				=> 0 ],	# unix-compressed
	[ qr'^\.(rpm|cpio|tar)$'			=> 0 ],	# unix archives
	[ qr'^\.(zip|rar|arc|arj|zoo)$'			=> 0 ],	# other/misc

	# rudimentary extension blocking [based on file name alone]
	# note: extensions added here should also have entries for mime or
	# file types below, where possible
	qr'.\.(bat|cab|cmd|com|cpl|dll|exe|lha|mis|pif|reg|scr|vbs|wsf|wsh)$'i,

	# mime types to block
	qr'^application/x-msdownload$'i,
	qr'^application/x-msdos-program$'i,
	qr'^application/hta$'i,

	# don't allow attachments spread out across multiple messages [rfc2046]
	qr'^message/partial$'i,
	qr'^message/external-body$'i,

	# files types to block [as per file(1)]
	qr'^\.(cab|dll|exe|exe-ms|lha|tnef)$',

	# blocks attachments whose names contain clsid extensions
	qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i,	# strict
	#qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i,		# loose
);

what am i missing?

thanks
-ben


More information about the amavis-users mailing list