quarantine all zip files for one of two policy banks
btb
listsb-amavis at bitrate.net
Wed Apr 20 18:57:18 CEST 2016
hi-
i have amavis configured with two policy banks [one for "incoming" mail,
and one for "outgoing" mail]. i'd like to quarantine all zip files for
incoming mail. here's a hopefully relevant section of my current
config. i'm happy to provide more detail if needed.
# Global post-processing destinies, one per content category.  These are
# the defaults for every policy bank; the 'internal' bank further down
# overrides the spam and bad-header values.
# NOTE(review): a destiny presumably only decides whether the message is
# delivered.  Whether a copy is also quarantined would depend on the
# quarantine settings, which are not part of this excerpt -- confirm.
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_DISCARD;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;
# policy banks

## 'external': mail coming in from the internet.
## The bank is selected by the port the connection arrives on.
$interface_policy{$external_port} = 'external';

$policy_bank{external} = {
    # This bank doubles as the default policy bank, so it carries no
    # overrides of the global settings.  In particular nothing here
    # changes banned-file handling: the global $final_banned_destiny and
    # $banned_filename_re are what incoming mail is checked against.

    # Enable OS fingerprinting.  The "*" makes amavis send the p0f
    # analyzer query to whichever host relayed the message to it.
    os_fingerprint_method => "p0f:*:$p0f_analyzer_port",
};
## 'internal': mail going out to the internet.
## The bank is selected by the port the connection arrives on.
$interface_policy{$internal_port} = 'internal';

$policy_bank{internal} = {
    # Clients allowed to connect: localhost, the mail submission agents,
    # and the network manager vlan [for troubleshooting purposes].
    # NOTE(review): the last entry is a whole /16, far wider than the
    # single-host entries next to it -- confirm the full range needs
    # access to this port.
    inet_acl => [
        '127.0.0.0/8',
        '[::1]',
        '10.3.70.10/32',
        '10.3.70.11/32',
        '10.68.0.0/16',
    ],

    # Where checked mail is handed back, and where it is requeued.
    forward_method => "smtp:[$msa_host]:$internal_reinject_port",
    requeue_method => "lmtp:[localhost]:$internal_port",

    # Outgoing mail thought to be spam or invalid is not passed on:
    # these two entries replace the global D_PASS with D_DISCARD.
    # NOTE(review): the original comment says such mail "is quarantined";
    # presumably that relies on quarantine settings defined elsewhere,
    # since only the destiny is set here -- confirm.
    final_spam_destiny       => D_DISCARD,
    final_bad_header_destiny => D_DISCARD,
};
# basic, rudimentary banning of some files/filenames
#
# The list mixes two kinds of entries: a bare qr'...' pattern, and a
# [ qr'...' => 0 ] pair, which the comments below describe as an "allow".
# This list is global; neither policy bank in this config overrides it, so
# the same rules are in force for incoming and outgoing mail.
# NOTE(review): entries are presumably tried top to bottom with the first
# match deciding, so the position of the allow pairs matters -- confirm
# against the amavis documentation before reordering anything.
$banned_filename_re = new_RE(
qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
# block certain double extensions anywhere in the base name:
# a dot, a segment containing at least one letter, then a dot and one of
# the listed executable extensions, optionally followed by dots/whitespace
qr'\.[^./]*[A-Za-z][^./]*\.\s*(bat|cmd|com|cpl|dll|exe|pif|reg|scr|vbs)[.\s]*$'i,
# allow any file types within such archives
# NOTE(review): these pairs sit above the extension, mime and file(1)
# blocks, so members of the listed archive types are presumably exempt
# from those later rules -- an executable inside a .zip would not be
# banned by this list. confirm that this is intended.
[ qr'^\.(Z|gz|bz2)$' => 0 ], # unix-compressed
[ qr'^\.(rpm|cpio|tar)$' => 0 ], # unix archives
[ qr'^\.(zip|rar|arc|arj|zoo)$' => 0 ], # other/misc
# rudimentary extension blocking [based on file name alone]
# note: extensions added here should also have entries for mime or
# file types below, where possible
# (the leading "." requires at least one character before the extension)
qr'.\.(bat|cab|cmd|com|cpl|dll|exe|lha|mis|pif|reg|scr|vbs|wsf|wsh)$'i,
# mime types to block
qr'^application/x-msdownload$'i,
qr'^application/x-msdos-program$'i,
qr'^application/hta$'i,
# don't allow attachments spread out across multiple messages [rfc2046]
qr'^message/partial$'i,
qr'^message/external-body$'i,
# files types to block [as per file(1)]
# unlike the name-based patterns above, this one is case-sensitive (no /i)
qr'^\.(cab|dll|exe|exe-ms|lha)$',
# blocks attachments whose names contain clsid extensions
# strict form: "{" followed by 8-4-4-4-12 hex digits; the closing "}" is
# optional, and the pattern is unanchored so it matches anywhere in a name
qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # strict
# looser alternative, left disabled by the author
#qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # loose
);
thanks
-ben