BANNED contents (.image, .png, image001.png) in mail FROM [192.0.2.0]:48963
Mark Martinec
Mark.Martinec+amavis at ijs.si
Sat Jul 5 14:30:58 CEST 2014
ben,
> i'm getting the following notifications:
>
> Subject: BANNED contents (.image,.png,image001.png) in mail FROM [192.0.2.0]:48963
>
> No viruses were found.
>
> Banned name: .image,.png,image001.png
> Content type: Banned
> Internal reference code for the message is 07049-20/tsuDhcN5qlnc
>
> [...]
> The message has been quarantined as: t/banned-tsuDhcN5qlnc
>
> but i'm having trouble figuring out why these contents were banned. i don't intentionally have things configured this way. here are my current settings i believe are related to this?:
>
> $banned_filename_re = new_RE(
> qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
>
> # block certain double extensions anywhere in the base name
> qr'\.[^./]*[A-Za-z][^./]*\.\s*(bat|cmd|com|cpl|dll|exe|pif|reg|scr|vbs)[.\s]*$'i,
>
> # allow any file types within such archives
> [ qr'^\.(Z|gz|bz2)$' => 0 ], # unix-compressed
> [ qr'^\.(rpm|cpio|tar)$' => 0 ], # unix archives
> [ qr'^\.(zip|rar|arc|arj|zoo)$' => 0 ], # other/misc
>
> # rudimentary extension blocking [based on file name alone]
> # note: extensions added here should also have entries for mime or
> # file types below, where possible
> qr'.\.(bat|cab|cmd|com|cpl|dll|exe|lha|mis|pif|reg|scr|vbs|wsf|wsh)$'i,
>
> # mime types to block
> qr'^application/x-msdownload$'i,
> qr'^application/x-msdos-program$'i,
> qr'^application/hta$'i,
>
> # don't allow attachments spread out across multiple messages [rfc2046]
> qr'^message/partial$'i,
> qr'^message/external-body$'i,
>
> # files types to block [as per file(1)]
> qr'^\.(cab|dll|exe|exe-ms|lha|tnef)$',
>
> # blocks attachments whose names contain clsid extensions
> qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # strict
> #qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # loose
> );
>
> what am i missing?
The macro %F (producing: .image,.png,image001.png) just shows a
leaf node of the MIME and archives tree. A banning reason may
be in one of its parents, e.g. a MIME type or a type of an
archive (like zip).
Search the log (log level 1) for ' p.path' corresponding to that
mail message; it will show more detailed information on the
banning reason.
Mark
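
An added example, not part of the reply above and not amavisd-new code: it runs the names from the notification through the rules quoted in the question, showing that none of the leaf names match any rule, so the match has to come from a parent node. The ancestor names are constructed for illustration, and the script lists every matching rule rather than reproducing amavisd's own lookup order.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Rules copied from the quoted $banned_filename_re. A bare qr// bans on
# match; [ qr// => 0 ] is an explicit allow.
my @rules = (
  qr'^UNDECIPHERABLE$',
  qr'\.[^./]*[A-Za-z][^./]*\.\s*(bat|cmd|com|cpl|dll|exe|pif|reg|scr|vbs)[.\s]*$'i,
  [ qr'^\.(Z|gz|bz2)$' => 0 ],
  [ qr'^\.(rpm|cpio|tar)$' => 0 ],
  [ qr'^\.(zip|rar|arc|arj|zoo)$' => 0 ],
  qr'.\.(bat|cab|cmd|com|cpl|dll|exe|lha|mis|pif|reg|scr|vbs|wsf|wsh)$'i,
  qr'^application/x-msdownload$'i,
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
  qr'^message/partial$'i,
  qr'^message/external-body$'i,
  qr'^\.(cab|dll|exe|exe-ms|lha|tnef)$',
  qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i,
);

# Return every rule that matches $name as [index, verdict, pattern].
sub matches {
  my ($name) = @_;
  my @hits;
  for my $i (0 .. $#rules) {
    my ($re, $ban) = ref($rules[$i]) eq 'ARRAY' ? @{ $rules[$i] } : ($rules[$i], 1);
    push @hits, [ $i, $ban ? 'BAN' : 'allow', "$re" ] if $name =~ $re;
  }
  return @hits;
}

# Leaf names come from the notification (%F). The ancestor names are
# constructed for illustration; read the real ones from the p.path log line.
my @leaf     = ('.image', '.png', 'image001.png');
my @ancestor = ('application/ms-tnef', '.tnef', 'winmail.dat');   # hypothetical

for my $name (@leaf, @ancestor) {
  my @hits = matches($name);
  printf "%-22s no rule matches\n", $name unless @hits;
  printf "%-22s %-5s rule %d: %s\n", $name, @$_[1, 0, 2] for @hits;
}
```

Replace the hypothetical ancestor names with the M=, T= and N= values of each parent in the p.path log entry to see which rule fired for the real message.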