Forwarded mails are not scanned

Thomas M Steenholdt tmus at tmus.dk
Wed Mar 11 18:38:03 CET 2015


On 2015-03-11 14:07, Benny Pedersen wrote:
> Thomas M Steenholdt skrev den 2015-03-11 17:46:
>
>> When mails are forwarded as an attachment, those attachments are not
>> properly scanned by Amavisd-new. I have all sorts of malware and blocked
>> files coming in that way.
>
> if its blocked where is the problem then ?
>
What I meant was; Files that should otherwise have been blocked, are let
through.

>> How to fix?
>
> define the problem with logs ? :)
Let me try to get a log snippet...

>
> first step if possible try foxhole signatures in clamav, did that
> solve it ?
>
ClamAV should not be involved in blocking filetypes, right?

> you say forwarded, is it forwarded localy or remote forwarded ?
Forwarded in the MUA. E.g. thunderbird, right click e-mail and forward
as attachment. Results in a new e-mail, with an .eml file attached. This
.eml file is a complete mail including .zip, .exe, .scr, .whatnot.

ClamAV actually scans the .eml file and finds infected files. Problem is
when a new outbreak occur, stuff like .scr and .exe files are let
through this way (before ClamAV's signature detects it's infected).

>
> is the malware detected if you ripmime emails that contains it ?
>
In that case, the individual attachments (inside the .eml attchment) is
found just fine. The problem is with the .eml file not being processed
properly.

> i have more silly questions if it helps :=)
Bring 'em on :-)

/T


More information about the amavis-users mailing list