BANNED contents (.image, .png, image001.png) in mail FROM [192.0.2.0]:48963

[Damian]

Hi,

are there objections to search for the actual banning reason? If not, I would like to propose a patch.

Kind regards
 Damian

> ben,
>
>> i'm getting the following notifications:
>>
>> Subject: BANNED contents (.image,.png,image001.png) in mail FROM [192.0.2.0]:48963
>>
>> No viruses were found.
>>
>> Banned name: .image,.png,image001.png
>> Content type: Banned
>> Internal reference code for the message is 07049-20/tsuDhcN5qlnc
>>
>> [...]
>> The message has been quarantined as: t/banned-tsuDhcN5qlnc
>>
>> but i'm having trouble figuring out why these contents were banned.  i don't intentionally have things configured this way.  here are my current settings i believe are related to this?:
>>
>> $banned_filename_re = new_RE(
>>     qr'^UNDECIPHERABLE$',    # is or contains any undecipherable components
>>
>>     # block certain double extensions anywhere in the base name
>>     qr'\.[^./]*[A-Za-z][^./]*\.\s*(bat|cmd|com|cpl|dll|exe|pif|reg|scr|vbs)[.\s]*$'i,
>>
>>     # allow any file types within such archives
>>     [ qr'^\.(Z|gz|bz2)$'                => 0 ],    # unix-compressed
>>     [ qr'^\.(rpm|cpio|tar)$'            => 0 ],    # unix archives
>>     [ qr'^\.(zip|rar|arc|arj|zoo)$'            => 0 ],    # other/misc
>>
>>     # rudimentary extension blocking [based on file name alone]
>>     # note: extensions added here should also have entries for mime or
>>     # file types below, where possible
>>     qr'.\.(bat|cab|cmd|com|cpl|dll|exe|lha|mis|pif|reg|scr|vbs|wsf|wsh)$'i,
>>
>>     # mime types to block
>>     qr'^application/x-msdownload$'i,
>>     qr'^application/x-msdos-program$'i,
>>     qr'^application/hta$'i,
>>
>>     # don't allow attachments spread out across multiple messages [rfc2046]
>>     qr'^message/partial$'i,
>>     qr'^message/external-body$'i,
>>
>>     # files types to block [as per file(1)]
>>     qr'^\.(cab|dll|exe|exe-ms|lha|tnef)$',
>>
>>     # blocks attachments whose names contain clsid extensions
>>     qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i,    # strict
>>     #qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i,        # loose
>> );
>>
>> what am i missing?
>
> The macro %F (producing: .image,.png,image001.png) just shows a
> leaf note of the MIME and archives tree. A banning reason may
> be in one of its parents, e.g. a MIME type or a type of an
> archive (like zip).
>
> Search the log (log level 1) for ' p.path' corresponding to that
> mail message, it will show a more detailed information on the
> banning reason.
>
>   Mark
>

-------------- n�chster Teil --------------
Ein Dateianhang mit Bin�rdaten wurde abgetrennt...
Dateiname   : fix-banning_short_reason.patch
Dateityp    : text/x-patch
Dateigr��e  : 1061 bytes
Beschreibung: nicht verf�gbar
URL         : <http://lists.amavis.org/pipermail/amavis-users/attachments/20140725/d9116ceb/attachment.bin>