Banned files claiming to be quarantined, but not in quarantine -Resolved-
listserv.traffic at sloop.net
listserv.traffic at sloop.net
Fri May 22 23:56:39 CEST 2015
So, I've had two of these:
The server gets a message with winmail.dat which is banned through the rule that blocks tnef's.
Which, while may not be exactly how I want it to act, I'm fine with it so far.
This is the "report" for the banned file:
---
No viruses were found.
Banned name: .image,.png,image001.png,image001.png
Content type: Banned
Internal reference code for the message is 21212-12/vdxXxXxXxXxX
First upstream SMTP client IP address: [12.121.212.121] xyxz-xyz.zxy.xyz.zzx.xxxzzz.com
According to a 'Received:' trace, the message originated at: [45.545.454.545],
xyzxyzxyz at xyz.com [5.4.3.2]
Return-Path: <xyzxyzxyz at xyz.com>
From: "ABC XYZ" <xyzxyzxyz at xyz.com>
Message-ID:
<123456789.123456789 at xyz.com>
Subject: blah blah blah blah blah blah
The message has been quarantined as: abc at def.com
The message WAS NOT relayed to:
<def at def.com>:
250 2.7.0 Ok, discarded, id=19676-18 - BANNED: .image,.png,image001.png,image001.png
<ghi at def.com>:
250 2.7.0 Ok, discarded, id=19676-18 - BANNED: .image,.png,image001.png,image001.png
---
So, it claims to have quarantined it - there's no file name that it quarantined it as. And if I search the quarantine directories for this message, it's simply not there.
Can someone shed some light on this?
Amavis-new 2.6.5 on Ubuntu 12.04, with Postfix and Dovecot.
Pre-accept proxy setup.
Relevent vars:
$final_banned_destiny = D_DISCARD;
$virus_admin = 'it-ops at somewhere.zzz';
$banned_quarantine_to = 'it-ops at somewhere.zzz';
Other messages - at least all we've seen so far get quarantined properly - it just appears to happen to messages with winmail.dat attachments.
So, the fix is this var:
$banned_quarantine_to = 'it-ops at somewhere.zzz';
In my testing, I was quite sure [but must be wrong] that setting this would BOTH quarantine AND send the sysop a copy of the quarantined message. That's NOT the case however. Testing reveals that you get one or the other, NOT BOTH.
So, leaving $banned_quarantine_to undefined [commented out, in my case] returns the system to quarantining the file properly again.
Hope that helps someone.
-Greg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20150522/2da9d804/attachment.html>
More information about the amavis-users
mailing list