BANNED, message contains text/plain,.exe issue.

Olivier Nicole Olivier.Nicole at cs.ait.ac.th
Mon Mar 9 07:44:01 CET 2015 

Golf,

> Since you have banned .exe all message from Lotus note are banned, even when they have no .exe in it?
> => Yes , correct . Amavisd detect  some email from Lotus note as "BANNED" even that email not have ".exe" inside.
>
> For this issue it look like false positive for us , due to after enabled block ".exe" , "exe-ms" this configuration we just found this issue happened.
>  ### amavisd.conf for BLOCKED ANYWHERE
>  # qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
> qr'^\.(exe|exe-ms|dll)$',                   # banned file(1) types, rudimentary
>
> In FreeBSD, Amavis usually put the banned email in /var/virusmail/banned directory. You could have a close look at the messages and confirm if they are good or not.
> => I've checked this email content before and we found it 's good email and not have .exe attach file inside.
>
> So have you any recommendation to solved this kind of issue ?

You need to look at the full variable $banned_filename_re, it has more
than qr'^\.(exe-ms|dll)$', and goes on several lines, ending with a
single line with );

You also need to look at one good message in /var/virusmail/banned and
see what is the exact contents, why it is banned (example:
X-Amavis-Alert: BANNED, message contains .exe,.exe-ms,PO.exe), etc.

Maybe Lotus note includes a signature that is banned?

Best regards,

Olivier



> Please do not hesitate to contact us , If you have any questions .
> Best Regards.
> ################################
> #  Watthanachai KEKHUA (Golf)
> ################################
>
> DISCLAIMER :
> This email is for the use of the intended recipient(s) only. 
> If you have received this email in error, please notify the sender immediately and then delete it. 
> If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this email without the author's prior permission. 
> We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message.
> We cannot accept liability for any loss or damage caused by software viruses.
> The information contained in this communication may be confidential and may be subject to the attorney-client privilege. 
> If you are the intended recipient and you do not wish to receive similar electronic messages from us in future then please respond to the sender to this effect.
>
>
> -----Original Message-----
> From: Olivier Nicole [mailto:Olivier.Nicole at cs.ait.ac.th] 
> Sent: Monday, March 09, 2015 12:05 PM
> To: Watthanachai Kekhua
> Cc: amavis-users at amavis.org
> Subject: Re: BANNED, message contains text/plain,.exe issue.
>
> Hi Golf,
>
>> Today we found some strange situation for incoming email when enabled  blocking ".exe" in zip file extension on amavisd.conf  as below configuration.
>>
>> ### amavisd.conf for BLOCKED ANYWHERE
>> # qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
>> qr'^\.(exe|exe-ms|dll)$',                   # banned file(1) types, rudimentary
>>
>> Now , We always found banned email from incoming email send from Lotus note MTA .
>> And Sender address try to send attach file ".xls" and normal email with plain text after that our amavisd detect both email as "BANNED" type.
>
> I don't understand what you mean.
>
> Since you have banned .exe all message from Lotus note are banned, even when they have no .exe in it?
>
> In FreeBSD, Amavis usually put the banned email in /var/virusmail/banned directory. You could have a close look at the messages and confirm if they are good or not.
>
> If you *need* to discuss in Thai, maybe I can help.
>
> Best regards,
>
> Olivier
>
>> #maillog message show
>> BANNED, message contains text/plain,.exe
>> (554 5.7.0 Bounce, id=30228-09-2 - BANNED: text/plain,.exe) #Detail 
>> information application FreeBSD 9 Amd64 bit Postfix + 
>> amavisd-new-2.8.0_2
>>
>> Have you ever found this kind of issue and how to solved problem for this issue ?
>>
>> Please do not hesitate to contact us , If you have any questions .
>> Best Regards.
>> ################################
>> #  Watthanachai KEKHUA (Golf)
>> #  Operation And Maintenance Department (OAM) #  Tel: 02-2367227 Ext. 
>> 1624 #  NTT Communications (Thailand) Co., Ltd.
>> #################################
>>
>> DISCLAIMER :
>> This email is for the use of the intended recipient(s) only.
>> If you have received this email in error, please notify the sender immediately and then delete it.
>> If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this email without the author's prior permission.
>> We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message.
>> We cannot accept liability for any loss or damage caused by software viruses.
>> The information contained in this communication may be confidential and may be subject to the attorney-client privilege.
>> If you are the intended recipient and you do not wish to receive similar electronic messages from us in future then please respond to the sender to this effect.
>>
>>
>> [2:text/html Show]
>>

--

More information about the amavis-users mailing list