This zip file passes the .exe banning why?

Thomas Jarosch thomas.jarosch at intra2net.com
Mon Apr 11 15:39:58 CEST 2016


Hi Alessandro,

On Monday, 11. April 2016 15:18:11 Alessandro Briosi wrote:
> The file you can find here [1] bypasses amavis extensions checks.
> 
> In my configuration .exe are banned (even inside .zip files)
> 
> Though for some reason this .zip passes.
> 
> I also have checks for double extensions which on normal files work
> (still even within .zip files)
> I also tried renaming the file (leaving the .zip)
> 
> This one bypasses the checks and I'm probably too dumb to find out why.
> 
> Any help would be appreciated.
> 
> **N.B. Obviously it's a virus so do not execute the file!!!!!!**

Two things you could try:

1. Test if .exe detection in .zip files works generally.
Just grab any .exe file, zip it and send it through the filter.

Is that properly banned?

2. If so, it's probably some whitelist issue. Please inspect the amavisd log 
output about the detected MIME type.
I've posted about a similar whitelist issue here:
https://lists.amavis.org/pipermail/amavis-users/2016-March/004125.html


Best regards,
Thomas
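
Step 1 above, as an added example that is not part of Thomas's post or of amavis: a Python script that builds a test message carrying a .zip with a single .exe-named member, ready to be sent through the filter. The addresses, file names and the harmless placeholder payload are assumptions; pass the bytes of a real .exe as `payload` to follow the step literally.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Constructed placeholder: the "MZ" magic bytes followed by zero padding.
# It contains no code; it only stands in for "any .exe file".
DUMMY_EXE = b"MZ" + b"\x00" * 62


def build_test_zip(member_name="test.exe", payload=DUMMY_EXE):
    """Return the bytes of a .zip archive holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def build_test_message(sender, recipient, zip_name="test.zip",
                       member_name="test.exe", payload=DUMMY_EXE):
    """Build a mail with the test archive attached as application/zip."""
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "banned-files test: %s inside %s" % (member_name, zip_name)
    msg.set_content("Filter test: placeholder .exe inside a .zip.\n")
    msg.add_attachment(build_test_zip(member_name, payload),
                       maintype="application", subtype="zip",
                       filename=zip_name)
    return msg


def zip_members(msg):
    """List member names of every attached archive, to confirm what was sent."""
    names = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names.extend(zf.namelist())
    return names


if __name__ == "__main__":
    # Placeholder addresses; use a sender and recipient your filter handles.
    m = build_test_message("sender@example.com", "recipient@example.com")
    with open("zip-exe-test.eml", "wb") as fh:
        fh.write(m.as_bytes())
    print("wrote zip-exe-test.eml, archive members:", zip_members(m))
```

Submit the resulting zip-exe-test.eml through the mail path that amavisd scans, then compare its log entry with the one for the message that slipped through. Calling `build_test_message` with `member_name="invoice.pdf.exe"` gives the same test for the double-extension check.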


